12. Maintain Credential - Revoke
When an employee or contractor separates from an agency or no is eligible for their credential, their credential should be revoked. This use case describes the process for revoking a credential.
Pre-condition: Individual has an active credential.
|An actor sends separation notification to the credential manager.
Actor could range from the individual to their supervisor, HR, or security team member.
|The credential manager invalidates the credential and disables its access provisions.
The credential manager could be a person or a system.
|An actor collects the credential if it is a hardware token.
Actor could be supervisor, HR, or a security team member.
Post-condition: Individual no longer has access via that credential.
Click here for a consolidated image of this use case.