Identity and Access Management (IAM) addresses online and physical access to assets and data, specifically how a person or resource is identified, the resoures that can be accessed, and what can be done with that access. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

• Accounting Services - Credit Card Merchant Services and PCI Compliance (access control provisions) _{(on bussvc.wisc.edu)}

• Faculty Senate - Access to Faculty and Staff Electronic Files Policy _{(main entry: Privacy)}

• HIPAA _{(on compliance.wisc.edu)}

  • 3.8 Minimum Necessary Standard
  • 8.9 HIPAA Security System Access
  • 8.10 HIPAA Security Remote Access
  • 8.12 HIPAA Security Facilities Access

• IT Policy

  • Access Control Services Policy and Standard
  • IT Credentials Policy (planned) _{(on IT Policy Wiki)}
  • Guest NetID Policy
  • NetID Eligibility Policy
  • Password Policy and Standard

• UW System _{(on wisconsin.edu)}

  • 1030 Authentication Policy
  • 1030A Authenticaion Procedures
  • 25-3 Acceptable Use of Information Technology Resources (credentials and access provisions)

Related Documents

• IT Policy-related

  • IT Compliance Agreement (NetID Terms of Use)
  • NetID Appropriate Use Standards
  • Non-UW-Madison Applications and Services Guidelines _{(main entry: Acquisition and Development)}

• Records Management - Electonic Communications Guidance (PDF) _{(on library.wisc.edu)}