Identity & Access Control

 Identity and Access Management

Safeguards for Domain 8
Information Security & Privacy Program

In order to provide appropriate access to information and systems and to prevent unauthorized access, safeguards based on business and legal requirements must be identified and applied. Controlling access to personal information is a key element of providing information privacy.

Standards-based expectations for this Domain IU's Implementation of Safeguards for this Domain

Business Requirements for Access Control

Documentation of access control policies and rights is necessary to provide appropriate access to information, and must be based on business, security, and privacy requirements.


User Access Management

Procedures covering the full life-cycle of user access, from initial provisioning to final de-provisioning, should be in place to ensure authorized user access and to prevent unauthorized access.

User Responsibilities

Users should be made aware of their responsibilities for maintaining effective access controls, particularly regarding the use of passwords and the security of user equipment.

Network Access Control

Access to both internal and external networked services should be controlled.

Operating System Access Control

Security tools and procedures should be used to restrict access to operating systems to only authorized users.

Application and Information Access Control

Application systems should apply access controls to limit access to only authorized users.

Mobile Computing and Telecommuting

The risks of mobile computing and telecommuting should be identified and appropriate security applied as appropriate. Mobile computing includes the use of laptops, PDA's, cell phones, etc. Telecommuting uses communications technology to enable personnel to work remotely from a fixed location outside of their organization.

Mobile Computing and Telecommuting

Do you plan to travel abroad and take your university issued laptop computer, digital storage device, or any encryption products with you? The Export Control Office in the Office of Research Administration can help you determine if your university-issued electronic components require a license prior to international travel, can provide tips for international travel wi