Access Control Services

Layout for printing
Policy Number:
UW-501
Responsible Office:
Division of Information Technology (DoIT)

University Policy

Scope:

Applies to anyone who maintains or operates UW–Madison electronic services that are secured by access controls.

Policy:

Policy

All UW–Madison units that maintain or operate electronic services secured by access controls must configure those applications or systems to:

  1. Use institutionally managed access control services as suitable services become available; and
  2. Comply with the appropriate use standards for the institutionally managed credentials.

Background

In August 2006, the NetID Policy Issues Team and the AuthN/Z Coordinating Team, composed of representatives from a variety of UW–Madison units, made policy recommendations for the use of institutionally managed credentials and institutionally managed access control services. The recommendations were reviewed by the chief information officer (CIO) and endorsed by the Identity Management Leadership Group. The recommendations seek to:

  1. Improve security by:
    1. Reducing the number of electronic services that handle or store credentials; and
    2. Establishing more uniformity among services that handle or store credentials.
  2. Reduce confusion by clearly distinguishing institutionally managed credentials from locally managed credentials.
  3. Better enable the use of “single sign-on,” reducing the number of credentials needed.
  4. Facilitate wider access by:
    1. Increasing the populations supported by the institutional access control services; and
    2. Improving support for federated access control to or from external applications.

Enforcement

Designated representatives of the CIO and vice provost for information technology will set the current compliance standard and determine whether or not an application or system is in compliance.

The standard for compliance is expected to change over time as suitable access control services become available and barriers to migration are reduced.

Related UW–Madison Documents, Web Pages, or Other Resources:

Policy Administration

Approval Authority:
Chief Information Officer & Vice Provost for Information Technology
Policy Manager:
Assistant Director, Cybersecurity Program and Business Services
Contact:
IT Policy Writer and Analyst -- Heather Johnston, itpolicy@cio.wisc.edu
Effective Date:
12-01-2009
Revised Dates:

12-14-2017

Reviewed Dates:

11/01/2019

Retrieved:
04-25-2024 13:04:14