Assessment, Authorization, and Monitoring (CA)
Purpose –
Assessments and monitoring ensure that information security controls are implemented correctly, are working as intended, and result in meeting the security requirements for each information resource. Authorization to operate information resources must be controlled to ensure that residual risks are reviewed and accepted and that authorized resources satisfy business needs and comply with security, privacy, and accessibility laws and policies.
Scope and Roles –
This policy applies to information resources owned or managed by Tarleton State University (Tarleton). The intended audience includes the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), and information resource owners and custodians.
Compliance –
Assessment, authorization, and monitoring controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code (TAC) §202.76 and Texas A&M University System (TAMUS) Regulation 29.01.03, Information Security.