V-245860

Discussion

Failure to properly out-process through the security section allows the possibility of continued (unauthorized) access to the facility and/or the systems. REFERENCES: DOD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DOD Information Security Program: Protection of Classified Information Appendix to Encl 3, paragraph 3.a.(4). and Enclosure 5, paragraph 9. 32 CFR 117 and 32 CFR 2001 and 2003 as well as DOD Manual 5200.32 Volume 1 DOD Manual 5200.02, Procedures for the DOD Personnel Security Program (PSP), April 3, 2017, Chapter 12, paragraph 12.1.b.&f., Appendix G.2. Definitions, JPAS NIST Special Publication 800-53 (SP 800-53) Controls: AC-1, AC-2, PE-3, PS-4, and PS-5 CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), 9 February 2011 Enclosure C, para 11

Check Content

Check to ensure the organization has documented out-processing procedures. 

Review a sampling of personnel security files of departed personnel to ensure compliance. Files of departed personnel should be maintained by an organization for at least 90-days.

Ensure the procedures and records of departed employees reviewed include:
- Removal from access to Government Information Systems, 
- Turning in all access badges, classified and/or sensitive information,
- Removal from automated entry control systems (AECS) and 
- Signing of an SF 312 acknowledging a security debriefing.

NOTE: The SF 312 is only applicable for those persons holding a security clearance. 

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments where procedural documents (SOPs) and personnel records should be in place. Not applicable to a field/mobile environment.