
How to

Establish an Access Revoking Process

- Safeguard 6.2

Here is a step-by-step guide to establishing and following a process for revoking access to enterprise assets by disabling accounts immediately upon termination, rights revocation, or role change of a user, as required by Safeguard 6.2 of CIS Control 6 (Access Control Management), which applies from Implementation Group 1 (IG1) upward:

 

Step 1: Define Access Revocation Policies:

  1. Define clear policies stating when access must be revoked (termination, role change, rights revocation), what event triggers each case, and how quickly it must happen. The safeguard says "immediately", so the policy should set a maximum allowed delay and name who is accountable for meeting it.

 

Step 2: Inventory of Enterprise Assets:

  1. Create and maintain an inventory of all enterprise assets, including systems, applications, databases, and other resources that require user accounts.

 

Step 3: Automated Account Management:

  1. Automate account management wherever possible, so that a predefined trigger (for example, a termination record in the HR system) disables the account without waiting for a manual ticket. The safeguard asks for automation where feasible; for any step that stays manual, define who performs it and the maximum delay allowed, since manual hand-offs are where revocations are missed.

 

Step 4: Identify Triggers:

  1. Identify triggers that indicate when an account should be disabled, such as when an employee leaves the organization, changes roles, or has their privileges revoked.

Step 5: Disable Accounts:

  1. Upon detection of a trigger, automatically disable the user account to prevent access to enterprise assets. Disabling the account alone does not end sessions that are already open, so also terminate active sessions and revoke issued tokens, keys, and certificates where the asset supports it.

Step 6: Account Preservation:

  1. Disable accounts instead of deleting them. A disabled account blocks logon but keeps the identifier that logs, file ownership, and past activity refer to, so audit trails stay usable during an investigation; deleting it removes that reference and may let the same name be reissued to someone else later.
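Steps 3 through 6 as working code, added here as an illustration and not taken from the page or from CIS: a Python reconciliation that diffs two snapshots of an HR feed, maps each difference to a termination, role-change, or rights-revocation trigger, disables rather than deletes the affected accounts, and returns the audit record that Step 12 asks for. The asset inventory, role names, account list, and HR records are constructed assumptions.

```python
"""Added example (not the page's or CIS's own code): reconcile two HR feed
snapshots against an account inventory, turn each difference into a trigger,
and disable, never delete, the affected accounts while recording an audit
entry. All asset names, roles and HR records below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone

# Step 2: the asset inventory, mapping each enterprise asset to the roles that
# justify an account on it (assumed names). Rights granted outside a role are
# tracked per user as "extra_rights" so they can be revoked individually.
ASSET_ROLES = {
    "erp": {"finance", "finance-manager"},
    "git": {"engineer", "engineer-lead"},
    "vpn": {"finance", "finance-manager", "engineer", "engineer-lead"},
}

@dataclass
class Account:
    user: str
    asset: str
    enabled: bool = True   # Step 6: we flip this flag, we never drop the record

@dataclass(frozen=True)
class HrRecord:
    status: str            # "active" or "terminated"
    role: str
    extra_rights: frozenset  # assets granted ad hoc, outside the role

def entitled(record, asset):
    """True if the user's current role or remaining ad-hoc rights justify an account on asset."""
    return record.role in ASSET_ROLES.get(asset, set()) or asset in record.extra_rights

def detect_triggers(previous, current):
    """Step 4: diff two HR snapshots into (user, asset_or_None, reason) triggers.
    asset=None puts every account of that user in scope."""
    triggers = []
    for user, prev in previous.items():
        cur = current.get(user)
        if cur is None or cur.status != "active":
            triggers.append((user, None, "termination"))
            continue
        if cur.role != prev.role:
            triggers.append((user, None, f"role change {prev.role}->{cur.role}"))
        for asset in sorted(prev.extra_rights - cur.extra_rights):
            triggers.append((user, asset, "rights revocation"))
    return triggers

def revoke_access(accounts, triggers, current, actor="hr-sync"):
    """Steps 5, 6 and 12: disable in-scope accounts in place and return audit
    records (who, what, why, when). Already-disabled accounts are skipped, so
    re-running the sync does not produce duplicate records."""
    audit = []
    for user, asset, reason in triggers:
        for acct in accounts:
            if acct.user != user or not acct.enabled:
                continue
            if reason == "termination":
                disable = True
            elif reason == "rights revocation":
                disable = acct.asset == asset
            else:  # role change: keep only what the new role or remaining rights justify
                disable = not entitled(current[user], acct.asset)
            if disable:
                acct.enabled = False
                audit.append({
                    "time": datetime.now(timezone.utc).isoformat(),
                    "user": user, "asset": acct.asset,
                    "reason": reason, "actor": actor,
                })
    return audit

# Constructed HR snapshots: yesterday's feed and today's.
PREVIOUS = {
    "alice": HrRecord("active", "finance", frozenset()),
    "bob": HrRecord("active", "engineer", frozenset({"erp"})),  # ad-hoc ERP right
    "carol": HrRecord("active", "engineer", frozenset()),
}
CURRENT = {
    # alice no longer appears in the feed at all: termination
    "bob": HrRecord("active", "engineer", frozenset()),         # ERP right revoked
    "carol": HrRecord("active", "finance", frozenset()),        # role change
}

def sample_accounts():
    """Constructed account inventory; in practice this comes from the directory or IdP."""
    return [
        Account("alice", "erp"), Account("alice", "vpn"),
        Account("bob", "git"), Account("bob", "vpn"), Account("bob", "erp"),
        Account("carol", "git"), Account("carol", "vpn"),
    ]

def run(accounts=None, previous=PREVIOUS, current=CURRENT):
    accounts = sample_accounts() if accounts is None else accounts
    triggers = detect_triggers(previous, current)
    audit = revoke_access(accounts, triggers, current)
    return accounts, triggers, audit

if __name__ == "__main__":
    accounts, triggers, audit = run()
    for rec in audit:
        print(f"{rec['time']} DISABLED {rec['user']}@{rec['asset']} ({rec['reason']}) by {rec['actor']}")
    print(f"{sum(not a.enabled for a in accounts)} disabled, {len(accounts)} accounts retained")
```

In a real deployment the account list is read from the directory or identity provider and `acct.enabled = False` becomes that system's disable call; the reconciliation logic, the disable-not-delete rule, and the audit record stay the same. Note the role-change case: carol keeps her VPN account because her new role still justifies it, while her Git account is disabled, which is the outcome a blanket "disable everything on role change" rule would get wrong in the other direction.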

Step 7: Communicate Process:

  1. Communicate the access revocation process to relevant stakeholders, including HR, IT, and management, to ensure consistent implementation.


Step 8: Integration with HR and IT:

  1. Establish a streamlined hand-off between HR and IT, ideally system to system (an HR status change feeding the identity system directly rather than an e-mail), so that access revocation actions are executed promptly upon employee termination or role change.

 

Step 9: Review Process Annually:

  1. Review the access revocation process annually to ensure it remains effective, relevant, and aligned with organizational changes.

Step 10: Incident Response Integration:

  1. Integrate the access revocation process with your incident response plan, so that an account suspected of compromise can be disabled through the same tested path and the response is rapid rather than improvised.

Step 11: Continuous Improvement:

  1. Continuously assess and improve the access revocation process based on feedback, lessons learned, and changes in technology or roles.

Step 12: Record Keeping:

  1. Maintain records of all access revocation actions, including the reason, date, time, and individuals involved.

Step 13: Training and Awareness:

  1. Train relevant personnel involved in HR, IT, and security on the importance of promptly and accurately revoking access upon triggers.


By following these steps, you'll establish a robust and automated process for revoking access to enterprise assets, preserving audit trails, and maintaining security, in alignment with the requirements of CIS Control 6. This process enhances your organization's incident response capabilities and overall security posture.
