SKIP TO PAGE CONTENT

AC-6 LEAST PRIVLEGE

Last Review: 10/1/2022

Statement

West Texas A&M (WTAMU) University shall ensure that technical controls are in place to support the principle of Least Privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned organizational task. This help ensure no unintentional modification or misuse of the university’s information resources. 

Applicability

The intended audience for this control includes, but is not limited to, all information resource data/owners, management personnel, and system administrators.

Implementation

  • Account manager shall configure User accounts to uphold the principle of least privilege.
  • All administrator or special access accounts shall be approved by the resource owner or a University Vice President, and the ISO or CIO.
  • Each individual who uses administrator or special access accounts shall use the account or access privilege most appropriate for the requirements of the work being performed (e.g., user account vs. administrator account).
  • Custodians shall maintain a list(s) of personnel who have administrator or special access accounts for information resources. System owners or management with appropriate oversight shall reviewed the list(s) at least annually.

Phone
Twitter
Facebook
Instagram
Mail