CCI-004517

Defines the frequency for individuals requiring access to organizational information to re-sign access agreements.

Implementation Guidance

Determine if individuals requiring access to Organizational information and systems re-sign access agreements to maintain access to Organizational systems when access agreements have been updated or [PS-06_ODP[02]; the frequency at which to re-sign access agreements to maintain access to Organizational information is defined].

Validation Procedures

Examine: [SELECT FROM: Personnel security policy; personnel security procedures; procedures addressing access agreements for organizational information and systems; access control policy; access control procedures; access agreements (including non-disclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements); documentation of access agreement reviews, updates, and re-signing; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with personnel security responsibilities; organizational personnel who have signed/resigned access agreements; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for reviewing, updating, and re-signing access agreements; mechanisms supporting the reviewing, updating, and re-signing of access agreements].

The controls below (if any) were marked by NIST as being related to CCI-004517.