Identification and Authentication Policy and Procedures (IA-1)

Identification, Authentication, and Authorization are controls to facilitate access and to protect university information resources and data.

Identification and Authentication (Organizational Users) (IA-2)

The capability for information resources to uniquely identify and authenticate university faculty, staff, students, and other approved users.

Identifier Management (IA-4)

Identifiers are managed by receiving appropriate authorization to initially assign a user, selecting a unique identifier, preventing the reuse of identifiers, and disabling the user identifier after a period of inactivity or change in job status.

Authenticator Management (IA-5)

User authentication is a means to control who has access to university information resources. The confidentiality, integrity, and availability of information can be lost when access is gained by a non-authorized entity. This, in turn, may result in negative impacts such as loss of revenue, liability, loss of trust, or embarrassment to the university. This Control establishes procedures for the creation, distribution, safeguarding and termination of university user password authentication mechanisms.

Authenticator Feedback (IA-6)

The information resource shall obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Cryptographic Module Authentication (IA-7)

The information resource implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, state laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Identification and Authentication (Non-Organizational Users) (IA-8)

Information resources shall be configured to uniquely identify and authenticate users not affiliated with the university who are permitted to utilize university information resources (See Control AC-2 , Account Management).