Description

Access to Texas A&M University information resources is commonly controlled by a logon ID and password associated with an authorized account. Proper administration of these access controls includes ensuring the integrity of University information and the normal business operation of University-managed and administered information resources.

Applicability

  • The information resource owner, or designee, is responsible for ensuring that the measures described in this Control are implemented. The intended audience for this Control includes, but is not limited to, all information resources owners and custodians.

Implementation

  • 1

    As technology permits, the information resource owner, or designee, shall enforce account lockouts after no more than ten consecutive failed attempts.

    • 1.1

      Accounts locked out due to multiple incorrect logon attempts should stay locked out for a minimum of 15 minutes.

  • 2

    As technology permits, accounts that have access to information resources classified as moderate or high impact should remain locked until reset by an administrator or university approved authentication system.