Standard for System and Application Access Control
I. Purpose
The purpose of this standard is to establish the university’s obligation to ensure that systems and applications are protected from unauthorized access.
II. Scope
It is the responsibility of all system and application owners to determine appropriate controls, rules, access rights and restrictions for their information or information systems. They must ensure that their application or system is provisioned to prevent unauthorized access.
III. Contacts
Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliance-group@uncc.edu.
IV. Standard
To provide adequate protection to their systems or applications, owners should implement the following:
- Access restrictions
- Secure logon procedures
- Password management protocols consistent with the Standard for Account Passwords
- Restrictions on any utility program that might be capable of overriding system and application controls
- Restrictions to access of program source code
Related Resources
- University Policy 311 Information Security
- Standard for Account Passwords
- ISO/IEC 27002
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Revision History
Initially approved by the Information Assurance Committee 4/2/15
Updated 6/2/22