Description
Applicability
-
This Control applies to all Texas A&M information resources. The intended audience for this Control includes all owners and custodians of information resources.
Implementation
-
1
The information resource custodian will manage information system identifiers for users and devices by:
-
1.1
following the unit’s authorization process to assign a user, group, role, or device identifier (See Control AC-2 Account Management);
-
1.2
selecting and assigning an identifier that identifies an individual user, group, role, or device; and
-
1.3
preventing the reuse of user, group, role, or device identifiers for up to three years after the account has been deleted.
-
1.1
-
2
All logon IDs that have not been used/accessed within a period of six months shall be disabled. Exceptions can be made where there is an established unit procedure. These actions shall be reviewed and approved by the unit head. Documentation of exceptions shall be maintained by the information resource owner or designee.
-
3
A user’s access authorization shall be appropriately modified or removed when the user’s employment or job responsibilities change within the university.