UW-Madison - CIO - Access Control Services Policy
Applies to anyone who maintains or operates UW-Madison electronic services that are secured by access controls.
The Access Control Services Policy requires use of institutionally managed access control services as suitable services become available.
The Access Control Services Standard is the implementation of the policy.
- Of interest to:
- IT Security Staff
- IT Staff
- Identity Management
- Resource Management
- Access Control
- Monitoring and Mitigation
- Data Handling Activities:
All UW-Madison units that maintain or operate electronic services secured by access controls must configure those applications or systems to:
use institutionally managed access control services as suitable services become available; and
comply with the appropriate use standards for the institutionally managed credentials.
In August of 2006 the NetID Policy Issues Team and the AuthN/Z Coordinating Team, composed of representatives from a variety UW-Madison units, made policy recommendations for the use of institutionally managed credentials and institutionally managed access control services. The recommendations were reviewed by the CIO and endorsed by the Identity Management Leadership Group. The recommendations seek to:
improve security by:
reducing the number of electronic services that handle or store credentials, and
establishing more uniformity among services that handle or store credentials;
reduce confusion by clearly distinguishing institutionally managed credentials from locally managed credentials;
better enable the use of “single sign-on”, reducing the number of credentials needed; and
- facilitate wider access by:
increasing the populations supported by the institutional access control services, and
improving support for federated access control to or from external applications.
Issued by the UW-Madison Vice Provost for Information Technology.
Designated representatives of the UW-Madison CIO and Vice-Provost for Information Technology will set the current compliance standard and determine whether or not an application or system is in compliance.
The standard for compliance is expected to change over time as suitable access control services become available and barriers to migration are reduced.
Please address questions or comments to firstname.lastname@example.org.
- Access Control Services Standard: https://kb.wisc.edu/itpolicy/cio-access-control-services-standard
- IT Policy Glossary: https://kb.wisc.edu/itpolicy/glossary