CCI-001526

The organization, upon termination of individual employment, retains access to organizational information systems formerly controlled by the terminated individual.

Implementation Guidance

The organization being inspected/assessed upon termination of individual employment retains access to organizational information systems formerly controlled by terminated individual IAW organization security policy and procedures. Organizational information systems formerly controlled by terminated individuals generally refers to issued hardware (e.g. laptops, BlackBerrys, PEDs, removable media, etc)

Validation Procedures

The organization conducting the inspection/assessment interviews appropriate IT and security personnel to validate the organization has procedures in place which, upon termination of individual's employment, will ensure it retains access to organizational information systems formerly controlled by the terminated individual.

Compelling Evidence

1.) SOP/TTP procedure documentation for retaining access to organizational information of terminated individuals.

The controls below (if any) were marked by NIST as being related to CCI-001526.