PS-5 Personnel Transfer

LI-SaaS
Low
Moderate
High

Control Description

a. Review and confirm ongoing operational need for current logical and physical access authorizations to systems and facilities when individuals are reassigned or transferred to other positions within the organization;

b. Initiate organization-defined transfer or reassignment actions within organization-defined time period following the formal transfer action;

c. Modify access authorization as needed to correspond with any changes in operational need due to reassignment or transfer; and

d. Notify organization-defined personnel or roles within organization-defined time period.

FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

Discussion

Personnel transfer applies when reassignments or transfers of individuals are permanent or of such extended duration as to make the actions warranted. Organizations define actions appropriate for the types of reassignments or transfers, whether permanent or extended. Actions that may be required for personnel transfers or reassignments to other positions within organizations include returning old and issuing new keys, identification cards, and building passes; closing system accounts and establishing new accounts; changing system access authorizations (i.e., privileges); and providing for access to official records to which individuals had access at previous work locations and in previous system accounts.

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is the process for managing personnel transfer actions within the organization?
  • How does the organization review and confirm access authorizations when personnel transfer to new positions?
  • Who is responsible for coordinating transfer activities and access revalidation?
  • What is the timeline for adjusting access rights when personnel transfer?
  • What governance exists for ensuring access rights are appropriate for new roles and responsibilities?

Technical Implementation:

  • What systems track personnel transfer actions and access revalidation?
  • How are access rights automatically adjusted when personnel transfer?
  • What workflows enforce access review when personnel change positions?
  • How is role-based access updated to reflect new job responsibilities?

Evidence & Documentation:

  • Provide personnel transfer procedures and notification requirements.
  • Provide transfer notification records for the past year.
  • Provide evidence of access revalidation when personnel transfer.
  • Provide documentation of access rights adjustments for transferred personnel.
  • Provide records of role-based access updates based on new job duties.
