Operating System Access Control
Standard and Process
Operating system access controls include:
- secure logon procedures
- minimize access to or disclosure of information about systems
- disable/remove or limit availability of system utilities that are capable of overriding system or application controls
- session timeouts
For information on type of authentication to use (e.g., single-factor or multi-factor) see the Authentication standard.
Document the operating system access control settings used.
IT staff are responsible for working with users, data owners and service directors on establishing operating system access controls.
Users, data owners and service directors are responsible for working with IT staff to properly use the operating system access controls in the roles they perform supporting or using the system or application.
- This standard is based on the principles of ISO/IEC 27002:2005.
Document Owner: University Information Security
Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect
Effective Date: August 2010
Last Reviewed Date: November 2014