U.S. Department of Health and Human Services
Ongoing recertification of user access ensures system access is limited to those who have a current business purpose. Although the terms may sound similar, this is a different process than system recertification and reaccreditation.
System user account status is reviewed by IT Administrators on a defined recurrence and reported to the ISSO and to supervisors/managers. Inactive accounts are terminated within an OPDIV-defined timeframe unless the user's supervisor provides written certification of the need for continuation of access. Accounts for separated employees, contractors, volunteers, or others no longer requiring access are terminated immediately.
Page 3 of 4
Monitoring User Access/Recertification