Go RIM for Policy Section 5340 - Access Control

The following provides a central location for information security standards, authority, guidance, forms, tools, definitions, and reference to other policies related to access control.

Information Security Policy (State Administrative Manual)
Authority
Standards
Guidance
Forms
Tools
Definitions
Related Policies
Go RIM Home

Authority

Government Code Section 11549
Statewide Security Policy, Section 5340

Standards

ISO/IEC 27002:2005 (formerly ISO 17799)
Federal Information Processing Standards (FIPS)
HIPAA Security Standards, Section 164.308 (a) (4), Section 164.308 (a) (5), Section 164.310 (b), Section 164.310 (c), and Section 164.312 (a) (1)
North America Electric Reliability Corporation (NERC) Standards, CIP 003 - Security Management Controls, CIP 004 - Personnel and Training, CIP 005 - Electronic Security Perimeter, and CIP 007 - System Security Management
PCI-DSS, Requirements 1, 2, 6, 8, 10, and 12
Role Engineering and RBAC Standards

Guidance

Information Sheet No. 7, Does Your Agency Implement Forced Password Changes (pdf, 67k)
Information Sheet No. 6, Telework Security Considerations (.pdf, 71k)
Users Guide to User's Guide to Securing External Devices for Telework and Remote Access, NIST SP 800-114
Assessment of Access Controls, NIST Report - September 2006
An Introduction to Role-Based Access Control, NIST ITL Bulletin - December 1995
Role Based Access Control, NIST Abstract
Identification and Authentication (NIST SP 800-12, Chapter 16)
Network Access Control Learning Guide

Forms

None for this section.

Tools

Bellingham Case Study - Lessons Learned

Definitions

Administrative and Technical Terms

Related Policies

Under development.

Last Updated: Wednesday, December 17, 2008

Cyber Threat Level

Related Websites

Right Column