AC-1 Access Control Policy and Procedures
Overview
The West Texas A&M Information Security Controls Catalog establishes the minimum standards and controls for University information security in accordance with the state's Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202).
Purpose
To implement select information security control standards for the Access Control (AC) family, as identified by the Texas Department of Information Resources (DIR) and the National Institute of Standards and Technology (NIST). The establishment of the Access Control policy and procedures provides a standard for managing risks associated with user account management, access enforcement and monitoring, separation of duties, wireless, and remote access.
Scope
The scope of these regulations and procedures are applicable to all information resources owned or operated by West Texas A&M University. All users are responsible for adhering to these regulations and procedures. Information regarding roles, responsibilities, management commitment, and coordination among organizational entities are embedded within these procedures.
Implementation
As specified in Control AC-2, Account Management, the approval process for account access includes a documented policy and procedure for managing access to information resources, defining the rules for establishing user identity, administering user accounts, and establishing and monitoring user access to information resources.
The Information Security Officer shall work with information resource owners and custodians to develop, document, and disseminate access control policies for all University systems.
All access control policies shall be reviewed periodically as needed based on risk.