Description

Access policies and management ensures enforcement of approved authorization for logical access to information technology resources. Access to Texas A&M University information resources is commonly controlled by a logon ID associated with an authorized account. Proper administration of these access controls (e.g. NetIDs or logon IDs and passwords) is important to ensure the security of confidential information and normal business operation of University-managed and administered information resources.

Applicability

  • This Control applies to University information resources that store or process data classified as University-Internal or higher.

  • The information resource owner, or designee, is responsible for ensuring that the risk mitigation measures described in this Control are implemented.

  • The intended audience for this Control includes, but is not limited to, all information resource data/owners, management personnel, and system administrators.

Implementation

  • As specified in Control AC-2, Account Management, and Control AC-5, Separation of Duties, the procedures for granting, controlling, and monitoring of access to information technology resources are appropriately managed and enforced.