Description
Applicability
-
This Control applies to University information resources that store or process data classified as University-Internal or higher.
-
The information resource owner, or designee, is responsible for ensuring that the risk mitigation measures described in this Control are implemented.
-
The intended audience for this Control includes, but is not limited to, all information resource data/owners, management personnel, and system administrators.
Implementation
-
As specified in Control AC-2, Account Management, and Control AC-5, Separation of Duties, the procedures for granting, controlling, and monitoring of access to information technology resources are appropriately managed and enforced.