Information Technology Policies and Standards

Title
User ID Security Exceptions
Type
Standard
Related Policy
User ID Security Policy
Category
Security
Status
Approved
Approved
02/15/2013
To Be Reviewed
02/15/2015
Scope
Departments needing to establish shared User IDs that can be used by multiple individuals must request special exception to the User ID Security Policy.
Standard
Standard Definitions:

This policy is to provide exception to the unique User ID required for individual authentication to networked resources.

Standard Provisions:

User IDs and passwords shall not be shared among users. Departments requesting an exception must submit a written request with Department Director approval to the Technical Review Committee (TRC) to include the following information:

Department / division
Point of contact name and phone number
Description of system/environment
Justification for exception
existing security controls that would ensure compliance with all City security policies

Exceptions to the use of shared User IDs may be granted by the ITSD Security Officer upon approval of the Technical Review Committee (TRC). This request will be placed on the TRC agenda and a Department representative must attend the TRC meeting to justify the exception.

If the exception request is denied, the Department has the option to ask the TRC to have the request placed on the next Information Services Committee (ISC) agenda. A Department representative must attend the ISC meeting to justify the exception. The decision of the ISC shall be final.

Rationale
The City of Albuquerque relies extensively on its computing systems to meet its operational, financial, and informational requirements. It is essential that these systems and the data they process be operated and maintained in a secure environment.

The intent of this policy is to maintain accountability. Protection of City assets and accountability for their use shall override convenience in all circumstances.


Contact: Arthur C. Montoya, (505) 768-2925