Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

ps-6

access agreements  

assessment objective:

Determine if the organization:

ps-6(a)

develops and documents access agreements for organizational information systems;

ps-6(b)

ps-6(b)[1]

defines the frequency to review and update the access agreements;

ps-6(b)[2]

reviews and updates the access agreements with the organization-defined frequency;

ps-6(c)

ps-6(c)(1)

ensures that individuals requiring access to organizational information and information systems sign appropriate access agreements prior to being granted access;

ps-6(c)(2)

ps-6(c)(2)[1]

defines the frequency to re-sign access agreements to maintain access to organizational information systems when access agreements have been updated;

ps-6(c)(2)[2]

ensures that individuals requiring access to organizational information and information systems re-sign access agreements to maintain access to organizational information systems when access agreements have been updated or with the organization-defined frequency.

potential assessment methods and objects:

Examine: [select from: Personnel security policy; procedures addressing access agreements for organizational information and information systems; security plan; access agreements; records of access agreement reviews and updates; other relevant documents or records].

Interview: [select from: Organizational personnel with personnel security responsibilities; organizational personnel who have signed/resigned access agreements; organizational personnel with information security responsibilities].

Test: [select from: Organizational processes for access agreements; automated mechanisms supporting access agreements].