Controlling Access to Information
Reviewed: January 8, 2010
To ensure the confidentiality, integrity, and availability of its information resources, a department must have a strategy for controlling access to information through owner identification and user authentication.
Departmental management and technology staff.
- Identify and establish data owners.
- Identify the user groups who need access to the data controlled by each data owner.
- Data owners identify the privileges to be granted to each group of users.
- Each computer user is required to have a unique logon ID and a strong password.
- Each computer user acquires access to information through assignment to one or more user groups.
TAC, 202.7, Sections A, B, C: "Information Resources Security Safeguards"
IT Security Manual: "Data and Software Access Control"
IT Security Manual: "Information Ownership"
IT Security Manual: "Password Control"
IT Reference Guide: "Logical Security: Confidential Information and Logical Security"
IT Security Manual: "Logical Security: Local System Protection, Firewalls"
IT Support Standards: "Data Security"
IT Support Standards: "Password Use and Computer Account Security"