Topics Map > UW-Madison > Cybersecurity > Access Control

UW-Madison - CIO - Access Control Services Standard

The Access Control Services Standard is the implmentation of the Access Control Services Policy.

Official Printable PDF

These standards for compliance are for the Access Control Services Policy.

Standards

  1. Regarding policy provision 1, the requirement that electronic services secured by access controls be configured to use institutionally managed access control services as suitable services become available, current access control services include:

    1. NetID Login Service.

      To begin using this service, please see the NetID Login Service description (https://it.wisc.edu/services/netid-login-service/), or search the DoIT Help Desk Knowledge Base (http://kb.wisc.edu/search.php?q=netid+login+service.)

    2. Campus Active Directory.

      To begin using this service, please see the Campus Active Directory description (https://it.wisc.edu/services/campus-active-directory/), or search the DoIT Help Desk Knowledge Base (http://kb.wisc.edu/search.php?q=active+directory+service.)

    Additional capability may be added to existing access controls services, or other access control services may be added.

    Exceptions:

    UW-Madison applications and systems are exempt if migration to the available access control services is currently impractical for technical or operational reasons.

    • Example technical reasons: the available access control services do not support an access control method compatible with the system or application.
    • Example operational reasons: some consumer populations cannot yet obtain a NetID, or the migration of several different systems or applications must be coordinated because they share a locally managed credential.

    It is anticipated that the number of applications and systems that qualify for an exception will become smaller as the barriers to migration are reduced, and the capabilities of the available access control services are expanded to support a wider range of applications and systems.

  2. Regarding policy provision 2, the requirement that electronic services secured by access controls be configured to comply with the appropriate use standards for the institutionally managed credentials, current appropriate use standards include:

    1. NetID Appropriate Use Standards (https://kb.wisc.edu/itpolicy/cio-netid-appropriate-use-standards).
    2. University Directory Service (UDS) Responsible Use Policy (https://kb.wisc.edu/itpolicy/cio-uds-responsible-use-policy).

    Over time, additional appropriate use standards may be adopted when more institutionally managed credentials are added.

    Exceptions:

    The individual appropriate use standards address exceptions to each standard.

Contact

Please address questions or comments to policy@cio.wisc.edu.

References

IT Policy Glossary: https://kb.wisc.edu/itpolicy/glossary
Access Control Services Policy: https://kb.wisc.edu/itpolicy/cio-access-control-services-policy
Effective:   Dec 01, 2009
Revised:    Jun 20, 2013 Rev A
Reviewed:  Jun 20, 2013
Review by: Jun, 2016
Maintained by: Office of the CIO, IT Policy
History at: https://kb.wisc.edu/itpolicy/cio-access-control-services-history
Reference at: https://kb.wisc.edu/itpolicy/cio-access-control-services-policy
Previously titled: "Use of Institutional Access Controls Services Compliance Standards"

Text in italics is not part of the official text.




Keywords:index standard standards, it-security-staff it-staff information-technology security, identity-management resource-management security cybersecurity identity resource, access monitoring, access-control access   Doc ID:58843
Owner:GARY D.Group:IT Policy
Created:2015-12-10 08:52 CDTUpdated:2016-11-26 16:27 CDT
Sites:IT Policy
CleanURL:https://kb.wisc.edu/itpolicy/cio-access-control-services-standard
Feedback:  0   0