PS-4 Personnel Termination

Family: PS
Baselines: moderate
Mapped KSIs: 3

Control statement

Upon termination of individual employment:
    a. Disable system access within {{ insert: param, ps-04_odp.01 }};
    b. Terminate or revoke any authenticators and credentials associated with the individual;
    c. Conduct exit interviews that include a discussion of {{ insert: param, ps-04_odp.02 }};
    d. Retrieve all security-related organizational system-related property; and
    e. Retain access to organizational information and systems formerly controlled by terminated individual.

Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is preserved in the catalog database.

Covered by these Key Security Indicators

| KSI | Title | Category |
| --- | --- | --- |
| KSI-IAM-04 | Just-in-Time Authorization: Use a least-privileged, role and attribute-based, and just-in-time security authorization model for all user and non-user accounts and services. | Identity and Access Management |
| KSI-IAM-05 | Least Privilege: _Persistently_ ensure that identity and access management employs measures to ensure each user or device can only access the resources they need. | Identity and Access Management |
| KSI-IAM-06 | Suspicious Activity: Automatically disable or otherwise secure accounts with privileged access in response to suspicious activity. | Identity and Access Management |