202 Information Security Identity, Authentication, and Access Control
DRAFT
Contact the Office of Information Security at infosec@wustl.edu for information about the draft in progress.
The Information Security Identity, Authentication, and Access Control Standard includes information about:
- Access control frameworks
- Access control roles and responsibilities
- Annual review of accounts
- Access control basic principles
- Access enforcement
- Information flow enforcement
- Credentials and passwords
- Unsuccessful login attempts
- System use notification
- Session lock
- Session termination
- Permitted actions without identification and authentication
- Authorized access to security functions
- Account management
- Types of accounts
- New accounts and account changes
- Automated account audit
- Remote access
- Network access
- Emergency access
- Access removal
- Access control for external information systems
- Access control for mobile devices
- Access control for portable storage devices
- Information sharing
- Publicly accessible content