>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

PS-4(2)Personnel Termination | Automated Actions

IL4 High
IL5
IL6

>Control Description

Use organization-defined automated mechanisms to [Selection (one or more): notify organization-defined personnel or roles of individual termination actions; disable access to system resources].

>DoD Impact Level Requirements

FedRAMP Parameter Values

PS-4 (2)-2 Notify [access control personnel responsible for disabling access to the system]

>Discussion

In organizations with many employees, not all personnel who need to know about termination actions receive the appropriate notifications, or if such notifications are received, they may not occur in a timely manner. Automated mechanisms can be used to send automatic alerts or notifications to organizational personnel or roles when individuals are terminated. Such automatic alerts or notifications can be conveyed in a variety of ways, including via telephone, electronic mail, text message, or websites.

Automated mechanisms can also be employed to quickly and thoroughly disable access to system resources after an employee is terminated.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern automated actions for organizational personnel?
  • Who is responsible for implementing and overseeing automated actions controls?
  • How does the organization coordinate automated actions with HR and legal teams?
  • What is the process for handling exceptions to automated actions requirements?
  • What governance exists for ensuring consistent application of automated actions across the organization?

Technical Implementation:

  • What systems or tools technically implement automated actions?
  • How are automated actions activities integrated with HR and identity management systems?
  • What automation supports automated actions enforcement and tracking?
  • What audit capabilities exist for automated actions?
  • How are automated actions requirements technically enforced in access control systems?

Evidence & Documentation:

  • Provide documented policies and procedures for automated actions.
  • Provide personnel records demonstrating automated actions implementation.
  • Provide evidence of automated actions for all personnel with system access.
  • Provide records of automated actions reviews and updates.
  • Provide documentation of coordination between automated actions and HR processes.

Ask AI

Configure your API key to use AI features.