David: Created page with "For the assessment objective "[b] system access and credentials are terminated consistent with personnel actions such as termination or transfer," I'll rank the evidence types and prioritize assessment approaches based on the CMMC Level 2 guidance provided. == Evidence Types Ranking for Assessment Objective [b] == 1. Artifacts (I1) - Highest priority - Records of terminated credentials - System logs showing access removal - Completed termination checklists..."

2025-04-03T02:50:25Z

Created page with "For the assessment objective "[b] system access and credentials are terminated consistent with personnel actions such as termination or transfer," I'll rank the evidence types and prioritize assessment approaches based on the CMMC Level 2 guidance provided. == Evidence Types Ranking for Assessment Objective [b] == 1. **Artifacts (I1)** - Highest priority - Records of terminated credentials - System logs showing access removal - Completed termination checklists..."

New page

For the assessment objective "[b] system access and credentials are terminated consistent with personnel actions such as termination or transfer," I'll rank the evidence types and prioritize assessment approaches based on the CMMC Level 2 guidance provided.

== Evidence Types Ranking for Assessment Objective [b] ==

1. **Artifacts (I1)** - Highest priority
- Records of terminated credentials
- System logs showing access removal
- Completed termination checklists
- Help desk tickets showing access revocation
- These artifacts directly demonstrate that the organization is actively implementing the process

2. **Screen Share (I4)** - High priority
- Live demonstration of access termination processes
- Observation of administrators using access management systems
- Review of audit logs or user account status changes
- This provides direct evidence of how the process works in practice

3. **Documents (I2)** - Medium priority
- While important, documents alone can't demonstrate actual implementation
- Examples include termination procedures, access removal checklists, and timelines
- These support understanding the process but don't prove it's being followed

4. **Physical Review (I3)** - Lower priority
- Could include observing returned physical credentials (ID badges, access cards)
- Less directly relevant than other evidence types for this specific objective

== Assessment Approaches Prioritization ==

1. **Test (C3)** - Highest priority
- Testing mechanisms for disabling system access
- Testing processes for revoking authenticators
- This approach directly demonstrates that system access termination works as intended
- Focus on objects in D3: "mechanisms supporting or implementing personnel transfer and termination notifications; mechanisms for disabling system access and revoking authenticators"

2. **Examine (C1)** - Secondary priority
- Review records of personnel transfer/termination actions
- Examine lists of system accounts and their status
- Review records of terminated authenticators/credentials
- These provide evidence of consistent implementation

3. **Interview (C2)** - Tertiary priority
- Interviews with account managers and system administrators
- These validate understanding of requirements and procedures
- Can help clarify inconsistencies found during testing or examination

== Recommendation for Objective [b] ==

I recommend you:

1. First perform tests of the actual mechanisms used to terminate access and credentials
2. Examine records of past terminations/transfers to verify consistent implementation
3. Interview key personnel to confirm understanding of requirements

Since objective [b] focuses on whether "system access and credentials are terminated consistent with personnel actions," your strongest evidence will come from demonstrations that the process works correctly and artifacts showing it has been followed consistently in actual personnel actions.

LLMResponse PS.L2-3.9.2.b - Revision history