PS-6 Access Agreements


2. Re-sign access agreements to access organizational information systems when access agreements have been updated, or [Assignment: organizational frequency].
c. Ensures that people who need access to organizational information and information systems verify and update the access agreement each year;
A new signing of access agreements to maintain access to university information resources at least every four years.
1. Sign access agreements before accessing them; and
b. Reviews and updates access agreements [Assignment: organizational frequency]; and
(a) the development and evidence of access to information systems;

Review 4 Statements Control Description Supplemental Guidance References

Publication 800-53 contains the following controls for each section in the FIPS 200 manual. These recommended controls are what we have used to set standards and guidelines for the university. They are based on a federal government document that is probably meant to cover everyone, from the GSA to the FBI to the CIA to the FAA, etc. Therefore, some of them, which may seem paranoid, draconian, and so on, may be useful to a federal authority, but not so much to us.

Access Control
AC-1 Access Control Policy and Procedures; AC-2 Account Management; AC-3 AC-4 Access Application; AC-4 Information Flux Enforcement; AC-5 Separation of Tasks; AC-6 Least Privilege; AC-7 Unsuccessful Registration Attempts; AC-8 System Use Notification; AC-9 Previous Logon (Access); AC-10 Competitor Session Control; AC-11 AC-12 End of session; AC-13 Control and Control of; AC-14 Authorized Actions Without Identification or Authentication; AC-15 Automated Marking; AC-16 Security Attributes; AC-17 Remote Access; AC-18 Wireless Access; AC-19 Access Control For Mobile Devices; AC-20 Deployment of External Information Systems; AC-21 AC-22 Public Content

Awareness and Training
AT-1 Security and Training Policies and Training Procedures; AT-2 Security Awareness; AT-3 Security Training; AT-4 Security Training Records; AT-5 Contacts with Security Groups and Associations

Audit and Accountability
AU-1 Audit and Accountability Policy and Procedures; AU-2 Auditable Events; AU-3 Content of Audit Records; AU-4 Audit Storage Capacity; AU-5 Response To Audit Processing Failures; AU-6 Audit Review Analysis and audit reports; AU-7 Auditor Reduction and Report Generation; AU-8 Time Stamps; AU-9 Protection of Audit Information; AU-10 Non-repudiation; AU-11 Audit Retention; AU-12 Audit Generation; AU-13 Monitoring For Information Disclosure; AU-14 Session Audit

Security Assessment and Authorization
CA-1 Security Assessment and Authorization Policies and Procedure; CA-2 Security Assessments; CA-3 Information System Connections; CA-4 Certification Point; CA-5 Action Plan and Milestones; CA-6 Security Authorization; CA-7 Continu

Configuration Management
CM-1 Configuration Management Policy and Procedures; CM-2 Baseline; CM-3 Configuration Control; CM-4 Impact Analysis; CM-5 Access Cabinets for Modification; CM-6 Configuration; CM-7 Least Functionality; CM-8 Information System Component Inventory; CM-9 Configuration Management Plan

Contingency Planning
CP-1 Contingency Planning and Procedures; CP-2 Contingency Plan; CP-3 Contingency Training; CP-4 Emergency Plan Tests and Exercises; CP-5 Emergency Plan Update; CP-6 Alternate Storage Site; CP-7 Aging Processing Site; CP-8 Telecommunications Services; CP-9 Information System Backup; CP-10 Information System Recovery and Reconstruction

Identification and Authentication
IA-1 Identification and Authentication Code and Method; IA-2 Identification and Authentication (Organization Users); IA-3 Identification and Authentication device; IA-4 Identifier Management; IA-5 Authenticator Management; IA-6 Authenticator; IA-7 Cryptographic Module Authentication; IA-8 Identification and Authentication (Non-organizational Users)

Incident Response
IR-1 Incident Response Policy and Procedures; IR-2 Incident Response Training; IR-3 Incident Response Testing and Exercises; IR-4 Incident Handling; IR-5 Incident Monitoring; IR-6 Incident Reporting; IR-7 Incident Response Assistance; IR-8 Incident Response Plan

Maintenance
MA-1 System Maintenance Policy and Procedures; MA-2 Controlled Maintenance; MA-3 Maintenance; MA-4 Non-Local Maintenance; MA-5 MA-6 Maintenance Staff In Time

Med
