zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-04 17:01:56 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/ps-5.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

2.9 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

ps-5 - [catalog] Personnel Transfer

Control Statement

  • [a] Review and confirm ongoing operational need for current logical and physical access authorizations to systems and facilities when individuals are reassigned or transferred to other positions within the organization;

  • [b] Initiate transfer or reassignment actions within time period following the formal transfer action;

  • [c] Modify access authorization as needed to correspond with any changes in operational need due to reassignment or transfer; and

  • [d] Notify personnel or roles within time period.

Control guidance

Personnel transfer applies when reassignments or transfers of individuals are permanent or of such extended duration as to make the actions warranted. Organizations define actions appropriate for the types of reassignments or transfers, whether permanent or extended. Actions that may be required for personnel transfers or reassignments to other positions within organizations include returning old and issuing new keys, identification cards, and building passes; closing system accounts and establishing new accounts; changing system access authorizations (i.e., privileges); and providing for access to official records to which individuals had access at previous work locations and in previous system accounts.

Control assessment-objective

the ongoing operational need for current logical and physical access authorizations to systems and facilities are reviewed and confirmed when individuals are reassigned or transferred to other positions within the organization; transfer or reassignment actions are initiated within time period following the formal transfer action; access authorization is modified as needed to correspond with any changes in operational need due to reassignment or transfer; personnel or roles are notified within time period.

What is the solution and how is it implemented?

Implementation a.

Add control implementation description here for item ps-5_smt.a

Implementation b.

Add control implementation description here for item ps-5_smt.b

Implementation c.

Add control implementation description here for item ps-5_smt.c

Implementation d.

Add control implementation description here for item ps-5_smt.d