Security Standard: Account Management
This standard applies to all RIT Information and Information Resources.
Requirements for All Accounts
The following security controls are required to be implemented on all accounts:
1. Account Authentication
1.1. End user account authentication should use the enterprise identity and access management service when the system or application processes Private, Confidential, or Critical Process information.
1.2. The use of the enterprise authentication service by an application should be authorized by the Authentication Service Provider and the security reviewed... ...