Report on the percentage of computer user accounts assigned to personnel who have left the organization or no longer have need for access that have been closed

Status: Live

The organization will report on the percentage of computer user accounts assigned to personnel who have left the organization or no longer have need for access that have been closed. [UCF ID 02090]

Metric guidance

Calculation: The calculation for this metric is # of computer user accounts assigned to personnel who have left the organization or no longer have need for access that have been closed / # of user accounts.

Calculation source: No authority document source of information exists. The following formula was used: the number of user accounts that have been closed because the user left the organization or no longer needs access to the system in accordance with policies, standards, and procedures divided by the number of user accounts for each business unit (or the organization as a whole) .

The Common Control IDs associated with this metric are as follows:

Immediately revoke accesses of terminated users [UCF Control ID 00516]

Immediately deny access to confidential information [UCF Control ID 01309]

Deactivate unnecessary user IDs [UCF Control ID 02185]

Review access capabilities for any functional change in user status [UCF Control ID 00524]

Ensure job change and termination coincides with account and access right review or termination [UCF Control ID 00788]

Supporting and supported controls

This control directly supports:

Establish and maintain a user account management metrics program [UCF Control ID 02075]

There are no supporting controls.

Authority documents complied with:

CISWG Information Security Program Elements, January 10,2005, ISPE19.2

US Federal Security Guidance

The organization must measure and report on the percentage of computer user accounts assigned to personnel who have left the organization or no longer have need for access that have been closed. Computer accounts include user accounts as well as system, group, application, or super user accounts. [ISPE19.2, CISWG Information Security Program Elements, January 10,2005]