PS-04 Personnel Termination

Personnel Security

Low Moderate High

Description

The organization, upon termination of individual employment, terminates information system access, conducts exit interviews, retrieves all organizational information system-related property, and provides appropriate personnel with access to official records created by the terminated employee that are stored on organizational information systems.

Supplemental Guidance

Information system-related property includes, for example, keys, identification cards, and building passes. Timely execution of this control is particularly essential for employees or contractors terminated for cause.

Changes from Rev 4

Control text for notification removed. Parameter for specifying time frame for notification removed.

Enhancements

(0) None.

Compliance Mappings

ISO 27001:2022

A.5.11, A.6.5

ISO 27002:2022

5.11, 6.5

CIS Controls v8

CIS 15.7, CIS 6.2

NIST CSF 2.0

GV.RR-04

SOC 2 TSC

CC1.5

CSA CCM v4

HRS-05, HRS-06, IAM-07

CSA AICM v1

HRS-05, HRS-06, IAM-07

ISO 42001:2023

A.3.2

NIS2 Directive

Art. 21(2)(i)

BSI IT-Grundschutz

ORP.2

ANSSI

Hygiene.32, Hygiene.7, SecNumCloud.8.4

FINMA Circular 2023/1

IV.B.d(59), IV.B.d(60)

OSFI B-13

B-13.1.1, B-13.3.2

EU GDPR

Art.29, Art.32(1)(b)

EU DORA

Art.9(4)(c)

BIO2

5.11, 6.5

RBI CSF

Annex1.8, ITGRCA.19

FISC Security Guidelines

FISC.O8

LGPD + BCB 4893

LGPD.Art.47

HKMA TM-E-1

TME1.8.1

MLPS 2.0

8.1.8.1

DNB Good Practice

DNB.8.5

SWIFT CSCF

SWIFT.5.2

SAMA CSF

1.7

NCA ECC

1-9

UAE IA

T5

CBB TM

TM-6

Qatar NIA

HR

CBE CSF

CD-1, GOV-2

SA JS2

JS2-8.6

CBN CSF

Part9

BoG CISD

CISD-XV

BoM CTRM

3.8

IOSCO Cyber Resilience

GOV-4

FFIEC IS

II.C.7

NYDFS 500

500.7

HIPAA Security Rule

§164.308(a)(3)(i), §164.308(a)(3)(ii)(C)

ECB CROE

CROE.2.3.2

BOT Cyber Resilience

Ch7.2

CMMC 2.0

PS

NERC CIP

CIP-004-7

10 CFR 73.54

RG5.71-C-PS

DOE C2M2 v2.1

WORKFORCE

API 1164

Sec 13

IAEA NSS 17-T

Sec 9

Lloyd's Minimum Standards

MS8.3

NAIC Insurance Data Security

4-access, 4-personnel, 4B

FCA SYSC 13

SYSC 13.6.4

HITRUST CSF v11

02.c

ISO 27799

7.38.3

NHS DSPT

NDG-4.2

CCSS v9.0

1.04.1, 1.04.2, 1.06.2

SEC Custody (Digital Assets)

SEC-CD-16

ISO 17799 (legacy)

8.1.3, 8.3, 11.2.1

COBIT 4.1 (legacy)

PO7.8