SKIP TO PAGE CONTENT

AC-1 Access Control Policy and Procedures

Initial Implementation: 10/1/2022
Last Review: 12/11/2024

Overview

The West Texas A&M Information Security Controls Catalog establishes the minimum standards and controls for University information security in accordance with the state's Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202).

Purpose

To implement select information security control standards for the Access Control (AC) family, as identified by the Texas Department of Information Resources (DIR) and the National Institute of Standards and Technology (NIST). The establishment of the Access Control policy and procedures provides a standard for managing risks associated with user account management, access enforcement and monitoring, separation of duties, wireless, and remote access.

Scope

The scope of these regulations and procedures are applicable to all information resources owned or operated by West Texas A&M University. All users are responsible for adhering to these regulations and procedures. Information regarding roles, responsibilities, management commitment, and coordination among organizational entities are embedded within these procedures. 

Implementation

As specified in Control AC-2, Account Management, the approval process for account access includes a documented policy and procedure for managing access to information resources, defining the rules for establishing user identity, administering user accounts, and establishing and monitoring user access to information resources.

The Information Security Officer shall work with information resource owners and custodians to develop, document, and disseminate access control policies for all University systems.

All access control policies shall be reviewed periodically as needed based on risk.

Phone
Twitter
Facebook
Instagram
Mail