PS-4 Personnel Termination

IL4 Mod
IL4 High
IL5
IL6

Control Description

Upon termination of individual employment:

  a. Disable system access within organization-defined time period;
  b. Terminate or revoke any authenticators and credentials associated with the individual;
  c. Conduct exit interviews that include a discussion of organization-defined information security topics;
  d. Retrieve all security-related organizational system-related property; and
  e. Retain access to organizational information and systems formerly controlled by terminated individual.

DoD Impact Level Requirements

FedRAMP Parameter Values

PS-4 (a) [one (1) hour]

DoD FedRAMP+ Parameters

CSP/CSO may use FedRAMP value.

Discussion

System property includes hardware authentication tokens, system administration technical manuals, keys, identification cards, and building passes. Exit interviews ensure that terminated individuals understand the security constraints imposed by being former employees and that proper accountability is achieved for system-related property. Security topics at exit interviews include reminding individuals of nondisclosure agreements and potential limitations on future employment.

Exit interviews may not always be possible for some individuals, including in cases related to the unavailability of supervisors, illnesses, or job abandonment. Exit interviews are important for individuals with security clearances. The timely execution of termination actions is essential for individuals who have been terminated for cause.

In certain situations, organizations consider disabling the system accounts of individuals who are being terminated prior to the individuals being notified.

Related Controls

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is the process for terminating or transferring individuals who no longer require access?
  • How does the organization ensure timely notification of personnel actions to relevant security and IT personnel?
  • Who is responsible for coordinating termination and transfer activities?
  • What is the timeline for revoking access, retrieving organizational property, and conducting exit interviews?
  • What governance exists for ensuring complete and timely personnel termination and transfer actions?

Technical Implementation:

  • What automated workflows trigger when personnel are terminated or transferred?
  • How are access rights automatically revoked across all systems?
  • What systems track the return of organizational property?
  • How is account deactivation coordinated across directories and systems?
  • What technical mechanisms ensure complete removal of access privileges?

Evidence & Documentation:

  • Provide personnel termination and transfer procedures.
  • Provide termination/transfer notification records for the past year.
  • Provide evidence of access revocation within required timelines.
  • Provide documentation of organizational property return.
  • Provide exit interview records and signed departure agreements.
  • Provide audit logs showing account deactivation for terminated personnel.
