CCI-001526

Upon termination of individual employment, retain access to organizational systems formerly controlled by the terminated individual.

Implementation Guidance

Determine if upon termination of individual employment, access to Organizational information and systems formerly controlled by the terminated individual are retained.

Validation Procedures

Examine: [SELECT FROM: Personnel security policy; procedures addressing personnel termination; records of personnel termination actions; list of system accounts; records of terminated or revoked authenticators/credentials; records of exit interviews; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with personnel security responsibilities; organizational personnel with account management responsibilities; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for personnel termination; mechanisms supporting and/or implementing personnel termination notifications; mechanisms for disabling system access/revoking authenticators].

The controls below (if any) were marked by NIST as being related to CCI-001526.