National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NIST Special Publication 800-53 (Rev. 4)

Security and Privacy Controls for Federal Information Systems and Organizations

PS-5 PERSONNEL TRANSFER

Family:
PS - PERSONNEL SECURITY
Class:
Priority:
P2 - Implement P2 security controls after implementation of P1 controls.
Baseline Allocation:
Low Moderate High
PS-5 PS-5 PS-5

Control Description

The organization:

a. Reviews and confirms ongoing operational need for current logical and physical access authorizations to information systems/facilities when individuals are reassigned or transferred to other positions within the organization;

b. Initiates [Assignment: organization-defined transfer or reassignment actions] within [Assignment: organization-defined time period following the formal transfer action];

c. Modifies access authorization as needed to correspond with any changes in operational need due to reassignment or transfer; and

d. Notifies [Assignment: organization-defined personnel or roles] within [Assignment: organization-defined time period].

Supplemental Guidance

This control applies when reassignments or transfers of individuals are permanent or of such extended durations as to make the actions warranted. Organizations define actions appropriate for the types of reassignments or transfers, whether permanent or extended. Actions that may be required for personnel transfers or reassignments to other positions within organizations include, for example: (i) returning old and issuing new keys, identification cards, and building passes; (ii) closing information system accounts and establishing new accounts; (iii) changing information system access authorizations (i.e., privileges); and (iv) providing for access to official records to which individuals had access at previous work locations and in previous information system accounts.

Related to: AC-2IA-4PE-2PS-4

Control Enhancements

None.

References

None.