A defender’s view of the Famous Chollima / Nickel Tapestry IT worker scheme as it looks in 2026 — the telemetry that actually catches it, the false positives that swamp you in week one, and where it sits in the 800-53 catalog.
RMF Control PS-6: Access Agreements requires organizations to establish and implement access agreements for all individuals with access to information systems. Access agreements should specify the types of access that are authorized, the purposes for which access is granted, and the conditions that must be met in order to maintain access. Supplemental Guidance The Risk …
RMF Control PS-4: Personnel Termination requires organizations to disable information system access within a defined time period, terminate or revoke any authenticators and credentials associated with the individual, conduct exit interviews that include a discussion of security topics, retrieve all security-related organizational information system-related property, and retain access to organizational information and systems formerly controlled …
