Identification, Authentication, and Authorization are controls to facilitate access and to protect university information resources and data.

Uniquely identify and authenticate organizational users and associate that unique identification with actions performed on the system.

Identifiers are managed by receiving appropriate authorization to initially assign a user, selecting a unique identifier, preventing the reuse of identifiers, and disabling the user identifier after a period of inactivity or change in job status.

User authentication is a means to control who has access to university information resources. The confidentiality, integrity, and availability of information can be lost when access is gained by a non-authorized entity. This, in turn, may result in negative impacts such as loss of revenue, liability, loss of trust, or embarrassment to the university. This Control establishes procedures for the creation, distribution, safeguarding and termination of university user password authentication mechanisms.

The information resource shall obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

The information resource implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, state laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Information resources shall be configured to uniquely identify and authenticate users not affiliated with the university who are permitted to utilize university information resources (See Control AC-2 , Account Management).

The capability for information resources to uniquely identify and re-authenticate university faculty, staff, students, and other approved users.