FedRAMP Control Explorer

Controls

Access Control

Assessment, Authorization, and Monitoring

Audit and Accountability

Awareness and Training

Configuration Management

Contingency Planning

Identification and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical and Environmental Protection

Planning

Risk Assessment

Supply Chain Risk Management

System and Communications Protection

System and Information Integrity

System and Services Acquisition

PS-6 Access Agreements

Control

Develop and document access agreements for organizational systems;

Review and update the access agreements [at least annually] ; and

Verify that individuals requiring access to organizational information and systems:

Sign appropriate access agreements prior to being granted access; and

Re-sign access agreements to maintain access to organizational systems when access agreements have been updated or [at least annually and any time there is a change to the user’s level of access].

Discussion

Access agreements include nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Signed access agreements include an acknowledgement that individuals have read, understand, and agree to abide by the constraints associated with organizational systems to which access is authorized. Organizations can use electronic signatures to acknowledge access agreements unless specifically prohibited by organizational policy.

FedRAMP-Defined Assignment / Selection Parameters

PS-6 (b) [at least annually] - the frequency at which to review and update access agreements is defined;
PS-6 (c)(2) [at least annually and any time there is a change to the user's level of access] - the frequency at which to re-sign access agreements to maintain access to organizational information is defined;