6.2: Establish an Access Revoking Process

CSF v1.1 References:

PR.AC-1
PR.IP-11

PF v1.0 References:

PR.PO-P9
PR.AC-P1

Group:

Previous Version:

Critical Security Controls Version 7.1:
16.7: Establish Process for Revoking Access

Control Statement

Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4