Topics Map > UW-Madison > Cybersecurity > Access Control

UW-Madison - CIO - Access Control Services Policy

Applies to anyone who maintains or operates UW-Madison electronic services that are secured by access controls.

The Access Control Services Policy requires use of institutionally managed access control services as suitable services become available.

The Access Control Services Standard is the implementation of the policy.

 
  • Of interest to:
    • IT Security Staff
    • IT Staff
  • Subjects:
    • Identity Management
    • Resource Management
    • Security
  • Cybersecurity:
    • Access Control
    • Monitoring and Mitigation
  • Data Handling Activities:   
    • Access
    • Monitoring
 

Policy

All UW-Madison units that maintain or operate electronic services secured by access controls must configure those applications or systems to:

  1. use institutionally managed access control services as suitable services become available; and

  2. comply with the appropriate use standards for the institutionally managed credentials.

Background

In August of 2006 the NetID Policy Issues Team and the AuthN/Z Coordinating Team, composed of representatives from a variety UW-Madison units, made policy recommendations for the use of institutionally managed credentials and institutionally managed access control services. The recommendations were reviewed by the CIO and endorsed by the Identity Management Leadership Group. The recommendations seek to:

  1. improve security by:

    1. reducing the number of electronic services that handle or store credentials, and

    2. establishing more uniformity among services that handle or store credentials;

  2. reduce confusion by clearly distinguishing institutionally managed credentials from locally managed credentials;

  3. better enable the use of “single sign-on”, reducing the number of credentials needed; and

  4. facilitate wider access by:
    1. increasing the populations supported by the institutional access control services, and

    2. improving support for federated access control to or from external applications.

Authority

Issued by the UW-Madison Vice Provost for Information Technology.

Enforcement

  1. Designated representatives of the UW-Madison CIO and Vice-Provost for Information Technology will set the current compliance standard and determine whether or not an application or system is in compliance.

  2. The standard for compliance is expected to change over time as suitable access control services become available and barriers to migration are reduced.

Contact

Please address questions or comments to policy@cio.wisc.edu.

References

 



Keywords:policies policy recommendations requirements recommendation requirement requirements, it-security-staff it-staff information-technology security, identity-management resource-management security cybersecurity identity resource, access monitoring, access-control access   Doc ID:58841
Owner:GARY D.Group:IT Policy
Created:2015-12-10 08:50 CDTUpdated:2017-02-14 12:39 CDT
Sites:IT Policy
CleanURL:https://kb.wisc.edu/itpolicy/cio-access-control-services-policy
Feedback:  0   0