Description
The organization reviews information systems/facilities access authorizations when personnel are reassigned or transferred to other positions within the organization and initiates appropriate actions.
Supplemental Guidance
Appropriate actions that may be required include: (i) returning old and issuing new keys, identification cards, building passes; (ii) closing old accounts and establishing new accounts; (iii) changing system access authorizations; and (iv) providing for access to official records created or controlled by the employee at the old work location and in the old accounts.
Enhancements
(0) None.
Compliance Mappings
ISO 27001:2022
A.6.5
ISO 27002:2022
5.11, 6.5
CIS Controls v8
CIS 6.2
NIST CSF 2.0
GV.RR-04
SOC 2 TSC
CC1.5
CSA CCM v4
HRS-06, IAM-07
CSA AICM v1
HRS-06, IAM-07
ISO 42001:2023
A.3.2
NIS2 Directive
Art. 21(2)(i)
BSI IT-Grundschutz
ORP.2
ANSSI
Hygiene.14, Hygiene.32, Hygiene.7, SecNumCloud.8.4
FINMA Circular 2023/1
IV.B.d(59), IV.B.d(60)
OSFI B-13
B-13.1.1, B-13.3.2
EU GDPR
Art.29, Art.32(1)(b)
EU DORA
Art.9(4)(c)
BIO2
5.11, 6.5
RBI CSF
Annex1.8, ITGRCA.19
FISC Security Guidelines
FISC.O8
LGPD + BCB 4893
LGPD.Art.47
HKMA TM-E-1
TME1.8.1
MLPS 2.0
8.1.8.1
DNB Good Practice
DNB.8.5
SAMA CSF
1.7
NCA ECC
1-9
UAE IA
T5
CBB TM
TM-6
Qatar NIA
HR
CBE CSF
GOV-2
SA JS2
JS2-8.6
CBN CSF
Part9
BoG CISD
CISD-XV
BoM CTRM
3.8
IOSCO Cyber Resilience
GOV-4
FFIEC IS
II.C.7
NYDFS 500
500.7
HIPAA Security Rule
§164.308(a)(3)(i), §164.308(a)(3)(ii)(C)
ECB CROE
CROE.2.3.2
BOT Cyber Resilience
Ch7.2
CMMC 2.0
PS
NERC CIP
CIP-004-7
10 CFR 73.54
RG5.71-C-PS
Lloyd's Minimum Standards
MS8.3
NAIC Insurance Data Security
4-access, 4-personnel
FCA SYSC 13
SYSC 13.6.4
HITRUST CSF v11
02.c
ISO 27799
7.38.3
NHS DSPT
NDG-4.2
CCSS v9.0
1.04.2
ISO 17799 (legacy)
8.3.1, 8.3.3, 11.2.1
COBIT 4.1 (legacy)
PO7.8