Internal:Technology access policy amendment

From Wikimedia District of Columbia
Revision as of 19:08, 10 December 2016 by Kirill Lokshin (talk | contribs) (Tag)
Jump to navigation Jump to search

Status: Under Review

The Technology Access Policy is amended by striking Article III, Paragraph 2 and inserting:

2. Standards for Tools. Any tool used by the Corporation to collect or store Sensitive PII ("Sensitive PII Tool") shall adhere to the following standards:

(a) Individual Access. Access shall only be allocated to individual user accounts, with no shared accounts used. Exceptions may be made for specific tools where the President determines that no feasible alternative exists.
(b) HTTP Connection. Web-based tools shall only be accessed over HTTPS. Tools that do not support access over HTTPS shall not be used by the Corporation.
(c) Two-Factor Authentication. It is the policy of the Corporation to prefer tools that support two-factor authentication.
(d) Public-Key Authentication. Accounts on Corporation servers shall only be accessed through public-key authentication.
Retrieved from "https://wikimediadc.org/index.php?title=Internal:Technology_access_policy_amendment&oldid=11836"