Identities are deprovisioned, at least in an ad hoc manner, when no longer required
Context and Guidance: When a person, object, or entity ceases to exist in the organisation, the associated identity and all of its access privileges and restrictions should be eliminated. The failure to deprovision an identity can result in significant operational risk to an organisation because it may provide an identity to which an unauthorised (and perhaps unknown) person, object, or entity can associate. If this occurs and its access privileges have not been terminated, the identity can be stolen along with all of the existing privileges.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ACCESS-1a, ACCESS-1c, ACCESS-1e, ACCESS-1f, ACCESS-1j.