Difference between revisions of "Internal:Technology access policy amendment"
Jump to navigation
Jump to search
(copyedits) |
(Adopted) |
||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
− | {{draft| |
+ | {{draft|historical}} |
The [[Technology Access Policy]] is amended by striking Article III, Paragraph 2 and inserting: |
The [[Technology Access Policy]] is amended by striking Article III, Paragraph 2 and inserting: |
||
− | 2. <u>Standards for Tools</u>. |
+ | 2. <u>Standards for Tools</u>. Software platforms used by the Corporation to collect or store Sensitive PII ("Sensitive PII Tool") shall adhere to the following standards: |
: (a) <u>Individual Access</u>. Access shall be allocated to individual user accounts, not accounts shared among individuals. The President may make exceptions for specific tools if the President determines that no feasible alternative exists. |
: (a) <u>Individual Access</u>. Access shall be allocated to individual user accounts, not accounts shared among individuals. The President may make exceptions for specific tools if the President determines that no feasible alternative exists. |
||
: (b) <u>HTTP Connection</u>. Web-based tools shall only be accessed over HTTPS. Tools that do not support access over HTTPS shall not be used by the Corporation. |
: (b) <u>HTTP Connection</u>. Web-based tools shall only be accessed over HTTPS. Tools that do not support access over HTTPS shall not be used by the Corporation. |
Latest revision as of 20:13, 10 December 2016
Status: Historical
The Technology Access Policy is amended by striking Article III, Paragraph 2 and inserting:
2. Standards for Tools. Software platforms used by the Corporation to collect or store Sensitive PII ("Sensitive PII Tool") shall adhere to the following standards:
- (a) Individual Access. Access shall be allocated to individual user accounts, not accounts shared among individuals. The President may make exceptions for specific tools if the President determines that no feasible alternative exists.
- (b) HTTP Connection. Web-based tools shall only be accessed over HTTPS. Tools that do not support access over HTTPS shall not be used by the Corporation.
- (c) Two-Factor Authentication. It is the policy of the Corporation to prefer tools that support two-factor authentication.
- (d) Public-Key Authentication. Accounts on Corporation servers shall only be accessed through public-key authentication.