PS.L2-3.9.2 — Personnel Termination and Transfer

Assessment Objectives

• upon termination of individual employment, system access is disabled within exit interview covering CUI obligations and NDA; retrieval of all credentials and property at separation; acknowledgment that CUI confidentiality obligations survive employment (minimum 2 years post-employment)CMMC/STIG.
• upon termination of individual employment, authenticators associated with the individual are terminated or revoked.
• upon termination of individual employment, credentials associated with the individual are terminated or revoked.
• upon termination of individual employment, security-related system property is retrieved.
• upon individual reassignment or transfer to other positions in the organization, access authorization is modified to correspond with any changes in operational need.
• upon individual reassignment or transfer to other positions in the organization, the ongoing operational need for current logical and physical access authorizations to the system and facility is reviewed.
• upon individual reassignment or transfer to other positions in the organization, the ongoing operational need for current logical and physical access authorizations to the system and facility is confirmed.