AC-3(7) Role-based Access Control
Last Review: 12/11/2024
Statement
The University enforces approved authorizations for logical access to the system in accordance with applicable policy. Access policies and management ensure enforcement of approved authorization for logical access to information technology resources. Access to West Texas A&M University information resources is commonly controlled by a logon ID associated with an authorized account. Proper administration of these access controls is important to ensure the security of confidential information and normal business operation of University-managed and administered information resources.
Applicability
This Control applies to University information resources that store or process mission critical and/or confidential information. The information resource owner, or designee, is responsible for ensuring that the risk mitigation measures described in this control are implemented. The intended audience for this control includes, but is not limited to, all information resource data/owners, management personnel, and system administrators.
Implementation
- Where possible, information resources will implement role-based access control (e.g., employee users, guest users).
- As specified in Control AC-6 Least Privilege, access to data and functions will be based on job duties and responsibilities following the principle of least privilege.