Vault/Secure Room Storage Standards - Access Control System Records Maintenance, which includes documented procedures for removal of access.

From Traditional Security

Part of Vault/Secure Room Storage Standards - Access Control System Records Maintenance

Associated with IA controls: PECF-1, PEPF-2, PEPF-1, PECF-2

SV-41831r2_rule Vault/Secure Room Storage Standards - Access Control System Records Maintenance, which includes documented procedures for removal of access.

Vulnerability discussion

Failure to document procedures for removal of access and inadequate maintenance of access records for both active and removed persons could result in unauthorized persons having unescorted access to vaults, secure rooms or collateral classified open storage areas where classified information is processed and stored.

Check content

Requirements Summary: A procedure must be established for removal of an individual's authorization to enter the secure room area upon reassignment, transfer, or termination, or when the individual's access is suspended, revoked, or downgraded to a level lower than the former access level. Records shall be maintained reflecting active assignment of ID badge/card, PIN, level of access, and similar system-related records. Records concerning personnel removed from the system shall be retained for a minimum of 90 days. CHECKS: Check #1. Check to ensure that records relecting active assignment of ID badge/card, PIN, level of access, and similar system-related records are maintained. (CAT II) Check #2. Check to ensure there is a documented procedure for removal of persons from the Access Control System. (CAT III) Check #3. Check to ensure that records concerning personnel removed from the system are retained for a minimum of 90 days. (CAT III) TACTICAL ENVIRONMENT: This check is applicable where Vaults/Secure Rooms are used to protect classified materials or systems in a tactical environment. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used.

Fix text

1. Ensure there is a documented procedure for removal of persons from the Access Control System. 2. Ensure that records relecting active assignment of ID badge/card, PIN, level of access, and similar system-related records are maintained. 3. Ensure that records concerning personnel removed from the system are retained for a minimum of 90 days.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer