CIP-004 R5.1 specifies a process to remove access for what situation?

CIP-004 R5.1 specifically addresses the need for a process to remove access for individuals who have been terminated from their position. This requirement is designed to ensure that when an employee leaves the organization, either due to resignation or termination, their access to critical systems and information is promptly revoked.

This is crucial to maintaining the security and integrity of critical infrastructure systems, as lingering access can lead to unauthorized use of sensitive information or systems, potentially exposing the organization to various risks, including data breaches or sabotage. The focus on access removal at the point of employee termination forms part of a comprehensive security posture aimed at protecting the assets and operations of the organization from insider threats.

While hiring new staff, conducting annual reviews, and changing positions are important aspects of an organization's access control processes, they do not specifically trigger the immediate need for access removal as outlined in CIP-004 R5.1. Hence, the emphasis is correctly placed on termination actions.