Out-processing Procedures for Departing or Terminated Employees (Military, Government Civilian and Contractor)

An XCCDF Rule

Description

Failure to properly out-process through the security section allows the possibility of continued (unauthorized) access to the facility and/or the systems.

REFERENCES:

- DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information Appendix to Encl 3, paragraph 3.a.(4). and Enclosure 5, paragraph 9.
- DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 1, paragraph 1-206. and Chapter 3, paragraph 3-109.
- DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), April 3, 2017, Chapter 12, paragraph 12.1.b.&f., Appendix G.2. Definitions, JPAS
- NIST Special Publication 800-53 (SP 800-53) Controls: AC-1, AC-2, PE-3, PS-4, and PS-5
- CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), 9 February 2011 Enclosure C, para 11

Documentable: false

ID
SV-245860r822921_rule
Severity
Low
Updated



Remediation - Manual Procedure

Ensure there are local procedures covering the out-processing of departing employees (Military, Government Civilian and Contractor) and that records of departed employees on hand reflect that out-processing was conducted. Out-processing records should be retained for a minimum of 90 days.

Ensure that out-processing procedures and records include:
- Removal from access to Government Information Systems,
- Turning in all access badges, classified and/or sensitive information,
- Removal from automated entry control systems (AECS) and