UW-Madison - Policy Portfolio - Identity and Access Management

The Identity and Access Management (IAM) policy list includes policies related to credentials, identification, authentication, authorization, and physical access

Identity and Access Management (IAM) addresses online and physical access to assets and data, specifically how a person or resource is identified, the resoures that can be accessed, and what can be done with that access. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.

Policies

• Accounting Services - Credit Card Merchant Services and PCI Compliance (access control provisions) _{(on bussvc.wisc.edu)}

• Faculty Senate - Access to Faculty and Staff Electronic Files Policy _{(main entry: Privacy)}

• HIPAA _{(on compliance.wisc.edu)}

  • 3.8 Minimum Necessary Standard
  • 8.9 HIPAA Security System Access
  • 8.10 HIPAA Security Remote Access
  • 8.12 HIPAA Security Facilities Access

• IT Policy

  • Access Control Services Policy and Standard
  • IT Credentials Policy (planned) _{(on IT Policy Wiki)}
  • Guest NetID Policy
  • NetID Eligibility Policy
  • Password Policy and Standard

• UW System _{(on wisconsin.edu)}

  • 1030 Authentication Policy
  • 1030A Authenticaion Procedures
  • 25-3 Acceptable Use of Information Technology Resources (credentials and access provisions)

Related Documents

• IT Policy-related

  • IT Compliance Agreement (NetID Terms of Use)
  • NetID Appropriate Use Standards
  • Non-UW-Madison Applications and Services Guidelines _{(main entry: Acquisition and Development)}

• Records Management - Electonic Communications Guidance (PDF) _{(on library.wisc.edu)}