IA-1: Identification and Authentication – Policy and Procedures
NIST Baseline: Low
DIR Required By: 07/20/2023
Review Date: 07/10/2024
Purpose –
The Identification and Authentication Policy and associated controls describe the requirements for identifying users and protecting access to information resources.
Scope and Roles –
This policy applies to information resources owned or managed by the Tarleton State University (Tarleton). The intended audience includes the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), and information resource owners and custodians.
Compliance –
Identification and Authentication controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76 and Texas A&M University System Regulation 29.01.03, Information Security.
Implementation –
- The Tarleton CISO, in coordination with information resource owners and custodians, shall develop, document, and disseminate to units a set of controls that addresses the Identification and Authentication for information resources. These controls should:
- Address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- Be consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
- The CISO, or their designee, shall review and update the Identification and Authentication controls as necessary.
- Tarleton will assign a unique identifier for identification and develop authentication for each individual with a business, research, or educational need to access university information resources.
- Precise implementation for information resource access, identification, and authentication are highlighted in Control AC-2, Account Management; Control IA-2, Identification and Authentication (Organizational Users); and Control IA-4, Identifier Management.