SKIP TO PAGE CONTENT

Information Security Controls Catalog AC-3

Last Review: 10/1/2022

Statement

The University enforces approved authorizations for logical access to the system in accordance with applicable policy.  Access policies and management ensures enforcement of approved authorization for logical access to information technology resources. Access to West Texas A&M University information resources is commonly controlled by a logon ID associated with an authorized account. Proper administration of these access controls is important to ensure the security of confidential information and normal business operation of University-managed and administered information resources.

Applicability

This Control applies to University information resources that store or process mission critical and/or confidential information. The information resource owner, or designee, is responsible for ensuring that the risk mitigation measures described in this control are implemented. The intended audience for this control includes, but is not limited to, all information resource data/owners, management personnel, and system administrators.

Implementation

  • As specified in Control AC-2, Account Management, and Control AC-5, Separation of Duties, the procedures for granting, controlling, and monitoring of access to information technology resources are appropriately managed and enforced.
  • Where possible each person is to have a unique logon ID and associated account for accountability purposes. Shared accounts are to be used in very limited situations and must provide individual accountability. The use of these accounts shall be approved by the ISO prior to implementation.

Phone
Twitter
Facebook
Instagram
Mail