This page is classified as INTERNAL.
NIST 800-53 (r4) Control
The organization employs automated mechanisms to notify [FedRAMP Assignment: (H) access control personnel responsible for disabling access to the system] upon termination of an individual.
NIST 800-53 (r4) Supplemental Guidance
In organizations with a large number of employees, not all personnel who need to know about termination actions receive the appropriate notifications—or, if such notifications are received, they may not occur in a timely manner. Automated mechanisms can be used to send automatic alerts or notifications to specific organizational personnel or roles (e.g., management personnel, supervisors, personnel security officers, information security officers, systems administrators, or information technology administrators) when individuals are terminated. Such automatic alerts or notifications can be conveyed in a variety of ways, including, for example, telephonically, via electronic mail, via text message, or via websites.
NIST 800-53 (r5) Discussion
In organizations with many employees, not all personnel who need to know about termination actions receive the appropriate notifications, or if such notifications are received, they may not occur in a timely manner. Automated mechanisms can be used to send automatic alerts or notifications to organizational personnel or roles when individuals are terminated. Such automatic alerts or notifications can be conveyed in a variety of ways, including via telephone, electronic mail, text message, or websites. Automated mechanisms can also be employed to quickly and thoroughly disable access to system resources after an employee is terminated.
Meets Minimum Requirement:
Clearly designate access control personnel as responsible for responding to alerts that access needs to be disabled
Document these personnel / roles
Implement a system that provides automated notification (e.g., a ticketing system)
Best Practice:
Train access control individuals to respond to automated alerts
Establish a call tree to ensure that alerts are covered when the designated access control person is not available
Integrate physical security personnel into this process as well so they can be prepared
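The minimum-requirement and best-practice steps above (documented roles, automated notification, call-tree coverage, evidence of use) as an added worked example, not code from FedRAMP, NIST or any CSP: a small termination-alert dispatcher that notifies the primary contact of each documented role, escalates through the call tree when an alert is not acknowledged in time, and keeps an audit trail an assessor could inspect. The roles, addresses and timeout are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed call tree: each documented role lists its primary contact first, then escalation order.
CALL_TREE = {
    "access_control": ["alice@example.com", "bob@example.com", "carol@example.com"],
    "physical_security": ["dave@example.com", "erin@example.com"],
}

@dataclass
class TerminationNotifier:
    call_tree: dict
    ack_timeout: timedelta = timedelta(minutes=30)  # assumed acknowledgement window
    evidence: list = field(default_factory=list)    # audit trail for assessors
    pending: dict = field(default_factory=dict)     # (user, role) -> (contact idx, deadline)

    def notify(self, user_id, when, send):
        """Alert the primary contact of every designated role on termination."""
        for role in self.call_tree:
            self._dispatch(user_id, role, 0, when, send)
    def _dispatch(self, user_id, role, idx, when, send):
        contacts = self.call_tree[role]
        if idx >= len(contacts):                    # call tree exhausted: record it
            self.evidence.append((when, user_id, role, "EXHAUSTED"))
            return
        send(contacts[idx], f"Disable access for {user_id} ({role})")
        self.pending[(user_id, role)] = (idx, when + self.ack_timeout)
        self.evidence.append((when, user_id, role, f"NOTIFIED {contacts[idx]}"))
    def acknowledge(self, user_id, role, by, when):
        """Contact confirms they are handling the disable action."""
        if (user_id, role) not in self.pending:
            return False
        del self.pending[(user_id, role)]
        self.evidence.append((when, user_id, role, f"ACK {by}"))
        return True
    def escalate_overdue(self, now, send):
        """Re-route unacknowledged alerts to the next person in the call tree."""
        for (user_id, role), (idx, deadline) in list(self.pending.items()):
            if now >= deadline:
                self.evidence.append((now, user_id, role, f"TIMEOUT {self.call_tree[role][idx]}"))
                self._dispatch(user_id, role, idx + 1, now, send)

def run_scenario():
    """Constructed scenario: physical security acks on time, access control primary is unavailable."""
    sent, t0, send = [], datetime(2024, 1, 8, 9, 0, tzinfo=timezone.utc), None
    send = lambda to, msg: sent.append(to)          # stand-in for e-mail/SMS/ticket delivery
    n = TerminationNotifier(CALL_TREE)
    n.notify("jdoe", t0, send)
    n.acknowledge("jdoe", "physical_security", "dave@example.com", t0 + timedelta(minutes=5))
    n.escalate_overdue(t0 + timedelta(minutes=31), send)   # alice never acknowledged
    return sent, [e[3] for e in n.evidence], n
```

Replace the `send` stand-in with the real delivery channel (ticketing API, e-mail, SMS) and run `escalate_overdue` from a scheduler; the `evidence` list is what you would export when assessors ask for evidence of use.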
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review documentation that designates personnel as receiving automated alerts
Interview personnel to validate that they understand how to respond to alerts
Inspect automated alerting system and evidence of use
CSP Implementation Tips:
AWS: Fully inherited
Azure: Fully inherited
GCP: Fully inherited