Sub-Requirement 8.5.4

8.5.4 Immediately revoke access for any terminated users.

Illustrative Controls and the TIBCO LogLogic Solution

Administrators must demonstrate that user access privileges are revoked in a timely manner upon job change or termination. Review reports and alerts on account activities, accounts created/deleted, group members added/deleted, and successful logins to VPN devices and critical servers.

Act promptly on job changes, and especially on terminations. Knowledge transfer needs to be arranged, responsibilities reassigned and access rights removed so that risk is minimized and continuity of the function is guaranteed. When a person changes jobs or is terminated from a company, user access privileges must be modified according to the company's business guidelines.

To satisfy this requirement, administrators must periodically ensure that only current and authorized employees have access to in-scope systems and applications. Administrators must ensure that all terminated users have been disabled. In addition, administrators must ensure that server logins and the permissions assigned to users who changed jobs are appropriate for their new role.

To ensure the requirements listed above are met, administrators must review reports of all user deletions and group member modifications. This ensures terminated users are removed and users who have changed jobs have had their rights appropriately adjusted.
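The reconciliation described above can be automated as a check that compares an HR termination roster against the account and login reports. The following is an added example and is not TIBCO LogLogic code; the roster, the event types (account_disabled, account_deleted, group_member_deleted, vpn_login_success, server_login_success), the field layout and the sample data are all constructed for illustration. It flags three gaps a reviewer would want surfaced: a terminated user with no disable or delete event, a revocation that arrived later than the allowed window, and any successful VPN or server login after the termination time.

```python
"""Reconcile a termination roster against account and access audit events.

Added example (not TIBCO LogLogic code): the event format, event names and
sample data below are constructed for illustration only.
"""
from datetime import datetime, timedelta

# Constructed HR roster: user -> termination timestamp (UTC).
TERMINATIONS = {
    "jdoe": datetime(2024, 3, 1, 17, 0),
    "asmith": datetime(2024, 3, 2, 12, 0),
    "bwong": datetime(2024, 3, 3, 9, 0),
}

# Constructed audit events in the style of the report categories named in the
# text: (timestamp, event_type, user, detail).
EVENTS = [
    (datetime(2024, 3, 1, 17, 30), "account_disabled", "jdoe", "AD"),
    (datetime(2024, 3, 1, 17, 31), "group_member_deleted", "jdoe", "VPN-Users"),
    # asmith was never disabled and logged in after leaving.
    (datetime(2024, 3, 2, 20, 15), "vpn_login_success", "asmith", "vpn-gw-1"),
    (datetime(2024, 3, 3, 8, 0), "server_login_success", "asmith", "db-prod-01"),
    # bwong was deleted, but only a day later and after a successful login.
    (datetime(2024, 3, 3, 10, 0), "server_login_success", "bwong", "app-01"),
    (datetime(2024, 3, 4, 9, 30), "account_deleted", "bwong", "AD"),
    # Current employee activity: not in scope for this check.
    (datetime(2024, 3, 3, 11, 0), "vpn_login_success", "cfoster", "vpn-gw-1"),
]

REVOCATION_EVENTS = {"account_disabled", "account_deleted"}
ACCESS_EVENTS = {"vpn_login_success", "server_login_success"}


def find_revocation_gaps(terminations, events, max_delay=timedelta(hours=1)):
    """Return findings as (user, issue, detail) tuples.

    A terminated user is flagged when no disable/delete event follows the
    termination time ("not_revoked"), when the first revocation arrived later
    than max_delay ("late_revocation"), and once for every successful login
    after the termination time ("post_termination_login").
    """
    findings = []
    for user, term_time in terminations.items():
        # Events for this user in time order.
        user_events = sorted(e for e in events if e[2] == user)

        revocations = [e for e in user_events
                       if e[1] in REVOCATION_EVENTS and e[0] >= term_time]
        if not revocations:
            findings.append((user, "not_revoked",
                             "no disable/delete event after termination"))
        else:
            delay = revocations[0][0] - term_time
            if delay > max_delay:
                findings.append((user, "late_revocation",
                                 f"revoked {delay} after termination"))

        for ts, etype, _, detail in user_events:
            if etype in ACCESS_EVENTS and ts > term_time:
                findings.append((user, "post_termination_login",
                                 f"{etype} on {detail} at {ts:%Y-%m-%d %H:%M}"))
    return findings


if __name__ == "__main__":
    for finding in find_revocation_gaps(TERMINATIONS, EVENTS):
        print(" | ".join(finding))
```

In practice the roster comes from the HR system and the events from the exported account and login reports; the allowed revocation window (max_delay) should be set to whatever the company's business guidelines define as "immediately", and every finding should be tracked to closure as part of the periodic review.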

Reports and Alerts

Use the following link/reference to see the 8.5.4 reports and alerts: 8.5.4 on page 126.