PS-6 H M L

The organization:
a. Develops and documents access agreements for organizational information systems;
b. Reviews and updates the access agreements [Assignment: organization-defined frequency]; and
c. Ensures that individuals requiring access to organizational information and information systems:
1. Sign appropriate access agreements prior to being granted access; and
2. Re-sign access agreements to maintain access to organizational information systems when access agreements have been updated or [Assignment: organization-defined frequency].

  • H PS-6 (b) [at least annually] PS-6 (c) (2) [at least annually and any time there is a change to the user's level of access]
  • M PS-6 (b) [at least annually] PS-6 (c) (2) [at least annually]
  • L PS-6 (b) [at least annually] PS-6 (c) (2) [at least annually]
DISA Cloud Computing SRG

b. annually

c (2) when there is a change to the user's level of access


Supplemental Guidance

Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Signed access agreements include an acknowledgement that individuals have read, understand, and agree to abide by the constraints associated with organizational information systems to which access is authorized. Organizations can use electronic signatures to acknowledge access agreements unless specifically prohibited by organizational policy.

Related Controls