6.2: Establish an Access Revoking Process
Previous Version:
- Critical Security Controls Version 7.1:
- 16.7: Establish Process for Revoking Access
Control Statement
Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]