STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Out-processing Procedures for Departing or Terminated Employees (Military, Government Civilian and Contractor)

DISA Rule

SV-42762r3_rule

Vulnerability Number

V-32425

Group Title

Outprocessing Procedures

Rule Version

PE-07.03.01

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Ensure there are local procedures covering the out-processing of departing employees (Military, Government Civilian and Contractor) and that records of departed employees on-hand reflect that out-processing was conducted. Out-processing records should be retained for a minimum of 90-days.

Ensure that out-processing procedures and records include:
-Removal from access to Government Information Systems,
- Turning in all access badges, classified and/or sensitive information,
- Removal from automated entry control systems (AECS) and
- Signing of an SF 312 acknowledging a security debriefing.

NOTE: The SF 312 is only applicable for those persons holding a security clearance.

Check Contents

Check to ensure the organization has documented out-processing procedures.

Review a sampling of personnel security files of departed personnel to ensure compliance. Files of departed personnel should be maintained by an organization for at least 90-days.

Ensure the procedures and records of departed employees reviewed include:
-Removal from access to Government Information Systems,
- Turning in all access badges, classified and/or sensitive information,
- Removal from automated entry control systems (AECS) and
- Signing of an SF 312 acknowledging a security debriefing.

NOTE: The SF 312 is only applicable for those persons holding a security clearance.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments where procedural documents (SOPs) and personnel records should be in place. Not applicable to a field/mobile environment.

Vulnerability Number

V-32425

Documentable

False

Rule Version

PE-07.03.01

Severity Override Guidance

Check to ensure the organization has documented out-processing procedures.

Review a sampling of personnel security files of departed personnel to ensure compliance. Files of departed personnel should be maintained by an organization for at least 90-days.

Ensure the procedures and records of departed employees reviewed include:
-Removal from access to Government Information Systems,
- Turning in all access badges, classified and/or sensitive information,
- Removal from automated entry control systems (AECS) and
- Signing of an SF 312 acknowledging a security debriefing.

NOTE: The SF 312 is only applicable for those persons holding a security clearance.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments where procedural documents (SOPs) and personnel records should be in place. Not applicable to a field/mobile environment.

Check Content Reference

M

Target Key

2506

Comments