AC-14: Permitted Actions Without Identification or Authentication

NIST Baseline:  Low 

DIR Required By: 01/20/2023 

Review Date:  04/17/2024 

1. All actions on internal information resources will require a Tarleton-issued identifier that must be presented to the information resource before any actions are permitted to help ensure accountability with Tarleton procedures and business functions.   

2. Any exceptions to the above must be documented and approved by the Tarleton Chief Information Security Officer (CISO) or their designee. 

3. Publicly accessible information resources such as public websites, information kiosks, and other situations where risk analysis demonstrates no need for individual accountability are exempt from the requirement of unique user identification as outlined in Control AC-3, Access Enforcement.   

---

References/Additional Resources

None.  See any applicable internal procedures.