You are here

Operating System Access Control

See the Operating System Access Control Standard in the University's Information Security policy for specific requirements that you must follow.

Standard and Process

Configuration

Operating system access controls include:

  • secure logon procedures
  • minimize access to or disclosure of information about systems
  • disable/remove or limit availability of system utilities that are capable of overriding system or application controls
  • session timeouts

For information on type of authentication to use (e.g., single-factor or multi-factor) see the Authentication standard.

Document the operating system access control settings used.

IT staff are responsible for working with users, data owners and service directors on establishing operating system access controls.

Users, data owners and service directors are responsible for working with IT staff to properly use the operating system access controls in the roles they perform supporting or using the system or application.

More Information

Document Owner: University Information Security

Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect

Effective Date: August 2010

Last Reviewed Date: November 2014