Anchor: #i1116457

Section 2: User Identification and Authentication

Anchor: #i1022492

Introduction

TxDOT will identify individuals and verify their identity before allowing access to its information assets. This section addresses the “Protect” objective of the Texas CyberSecurity Framework.

Anchor: #i1022506

Protocol

TxDOT will uniquely identify each individual and manage this information through processes that identify and authorize individuals, groups, roles, or devices as the valid user of a specified set of credentials before any access to TxDOT information resources is granted.

Authentication. This process of verifying the validity of a set of credentials is commonly known as authentication. TxDOT uses several means to verify the identity and authorize access, including: multi-factor authentication for local and remote network access; system authenticators; and token- and password-based authenticators.

Management. TxDOT will establish, implement, and refine procedures for:

  • distributing initial authenticators
  • changing default content on first use
  • protecting authenticator content from unauthorized disclosure and modification
  • establishing thresholds for life time restrictions and reuse conditions
  • replacing lost, compromised, or damaged authenticators
  • revoking authenticators.
Anchor: #i1022520

General Responsibilities

All individuals who use information resources must provide correct identification and authentication in order to gain access to TxDOT's information systems.

Supervisors must validate the identity of individuals requesting access to TxDOT's information systems.

Information Security Officer must:

  • implement security controls to correctly identify and authenticate individuals
  • ensure that all individuals who use TxDOT information resources comply with the identification and authentication mandates issued in the Intrusion Prevention Policy.

Compliance and Standards

See the “Identification and Authentication Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Intrusion Prevention Policy.

Previous page  Next page   Title page