Terminated Accounts are Disabled in a Timely Manner











                                                                                                 STEP 4



          Processes exist to ensure terminated user accounts are

              disabled in a timely manner.
          If SSO is enabled, then disabling the network ID should prohibit

              use of an active application account.

          However, procedures should exist to ensure that application                                                                         Access

              accounts are also disabled in a timely manner.
          Disabling an individual’s network access does not guarantee all

              access is disabled. Web, mobile, voice-enabled, smart

              technology, and emergency accounts fall outside of network
              access, as do any web applications that can be accessed from

              outside the organization.

          All of these accounts must be manually disabled or terminated.