Access to systems, applications and data repositories is removed or suspended on the same day personnel no longer have a legitimate requirement for access.
Topic
Suspension of access to systems
Applicable to
all
History
Priority
must
Sep 2019
Access to systems, applications and data repositories is removed or suspended on the same day personnel no longer have a legitimate requirement for access.
Security controls 0430 and 1404 were modified to replace references to ‘information’ with ‘data repositories’ in order to align with language used by the Essential Eight mitigation strategies.
Aug 2019
Access to systems, applications and information is removed or suspended on the same day personnel no longer have a legitimate requirement for access.
Security control 0430 was slightly reworded.
Jul 2019
Access to systems, applications and information is removed or suspended on the same day a user no longer has a legitimate business requirement for access.
2015
Agencies must remove or suspend accounts on the same day a user no longer has alegitimate business requirement for its use.
2010
Agencies must:• lock system user accounts after five failed logon attempts• have a system administrator reset locked accounts• remove or suspend system user accounts as soon as possible when personnel no longer need accessdue to changing roles or leaving the agency• remove or suspend inactive accounts after a specified number of days.