{"id":2495,"date":"2025-04-24T20:32:31","date_gmt":"2025-04-24T20:32:31","guid":{"rendered":"https:\/\/www.tarleton.edu\/technology\/?page_id=2495"},"modified":"2025-04-24T20:32:58","modified_gmt":"2025-04-24T20:32:58","slug":"tarleton-oits-admin-special-access-standard","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/technology\/tarleton-oits-admin-special-access-standard\/","title":{"rendered":"Tarleton OITS Administrator\/Special Access Standard"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h1 class=\"wp-block-heading\">Tarleton Office of Innovative Technology Solutions (OITS) <br> Administrator\/Special Access Standard<\/h1>\n\n\n\n<p>Effective: February 11, 2020<\/p>\n\n\n\n<p>Revised:&nbsp; April 24, 2025&nbsp;<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image alignright size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.tarleton.edu\/technology\/wp-content\/uploads\/sites\/170\/2021\/12\/Tarleton_TonTexas.svg\" alt=\"The Tarleton State University logo\" class=\"wp-image-670\" style=\"width:159px;height:auto\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity has-vivid-cyan-blue-to-vivid-purple-gradient-background has-background is-style-wide\" \/>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedure Summary<\/strong>&nbsp;<\/h2>\n\n\n\n<p>This standard applies to all information resources managed by Tarleton State University (Tarleton) and Tarleton users. The purpose of this standard is to provide a set of measures that will mitigate information security risks associated with the administrator\u2019s special access. There may also be other or additional measures that will provide appropriate mitigation of the risks.\u00a0\u00a0<\/p>\n\n\n\n<p>The assessment of potential risks and the application of appropriate mitigation measures are to be determined by the information resource owner or their designee. In accordance with <a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\">Texas Administrative Code (TAC) Chapter 202 \u2010 Information Security Standards<\/a>. As per <a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?$locale=en_US&amp;interface=VIEW_TAC_SUMMARY&amp;queryAsDate=04%2F24%2F2025&amp;recordId=206714\">TAC \u00a7202.72<\/a>, an information resource owner that decides not to implement some or all of the standards provided in this SAP must justify and document such exceptions based on information security risk management decisions and\/or business functions. The information resource owner must then report any exceptions to these standards to the designated information security officer (ISO)\/chief information security officer (CISO).<\/p>\n\n\n\n<div class=\"wp-block-group word-wrap: normal is-layout-flow wp-block-group-is-layout-flow\">\n<p>Please see the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/access-control-ac\/ac-2-7-privileged-user-accounts\/\">Tarleton Security Controls Catalog, specifically Access Control (AC)-2(7)<\/a>, for additional information and requirements.<\/p>\n<\/div>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedures and Responsibilities<\/strong>&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>University departments shall maintain a list or lists of personnel who have administrator or special access accounts for departmental information resources systems. The appropriate department head, director, or their designee shall review this list on a regular basis and when users within their department change\/leave.\u00a0\u00a0<\/li>\n\n\n\n<li>All users of administrator and special access accounts shall have account management instructions, training, and authorization.<\/li>\n\n\n\n<li>Each individual who uses administrator and special access accounts must do investigations only under the direction of the ISO\/CISO.\u00a0\u00a0<\/li>\n\n\n\n<li>Each individual who uses administrator and special access accounts will use the account privilege most appropriate for their work being performed (i.e., user account vs. administrator account).\u00a0\u00a0<\/li>\n\n\n\n<li>The password for a shared administrator and special access account must change when an individual using the shared account leaves the department and\/or the university or upon a change in the vendor personnel assigned to the Tarleton contract.\u00a0\u00a0<\/li>\n\n\n\n<li>When a system has only one administrator, there shall be a password escrow standard in place so that someone other than the administrator can gain access to the administrator account in an emergency.\u00a0\u00a0<\/li>\n\n\n\n<li>When special access accounts are needed for internal or external audit, software development, software installation, or other defined need, they:\u00a0\u00a0\n<ul class=\"wp-block-list\">\n<li>must be authorized, <\/li>\n\n\n\n<li>must be created with a specific expiration date, and<\/li>\n\n\n\n<li>must be removed when work is complete.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Definitions<\/h2>\n\n\n\n<p><strong>Descriptive data (e.g., logs)<\/strong>: information created by a computer system or information resource that is electronically captured and which relates to the operation of the system and\/or movement of files, regardless of format, across or between a computer system or systems. Examples of captured information are dates, times, file size, and locations sent to and from.\u00a0\u00a0<\/p>\n\n\n\n<p><strong>Information Resources<\/strong> <strong>(IR)<\/strong>: the standards, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.\u00a0\u00a0<\/p>\n\n\n\n<p><strong>Information Security Officer (ISO<\/strong>)<strong> \/ Chief Information Security Officer (CISO):<\/strong> responsible for administering Tarleton\u2019s information security functions and reports to the information resources manager (IRM).\u00a0\u00a0<\/p>\n\n\n\n<p><strong>User data<\/strong>: User-generated electronic forms of information that may be found in the content of a message, document, file, or other form of electronically stored or transmitted information.&nbsp;&nbsp;\u00a0<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Related Statutes, Policies, or Requirements<\/strong>&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01.pdf\">TAMUS Policy 29.01, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-02.pdf\">TAMUS Regulation 29.01.02, Use of Licensed Software<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-03.pdf\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-04.pdf\">TAMUS Regulation 29.01.04, Accessibility of Electronic and Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-05.pdf\">TAMUS Regulation 29.01.05, Artificial Intelligence<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-06.pdf\">TAMUS Regulation 29.01.06, Covered Applications and Prohibited Technologies<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_03_T0_01.pdf\">Tarleton SAP 29.01.03.T0.01, Information Resources &#8211; Acceptable Use<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\">Tarleton Rule 29.01.99.T1, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\">Tarleton Security Controls Catalog<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Contact Office<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Office of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>AVP and CIO of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>254-459-5685&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tarleton Office of Innovative Technology Solutions (OITS) Administrator\/Special Access Standard Effective: February 11, 2020 Revised:&nbsp; April 24, 2025&nbsp; Procedure Summary&nbsp; This standard applies to all information resources managed by Tarleton &#8230;<\/p>\n","protected":false},"author":94,"featured_media":580,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-fullwidth.php","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-2495","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/technology\/author\/jgeorge\/","display_name":"jgeorge"},"relative_dates":{"created":"Posted 12 months ago","modified":"Updated 12 months ago"},"absolute_dates":{"created":"Posted on April 24, 2025","modified":"Updated on April 24, 2025"},"absolute_dates_time":{"created":"Posted on April 24, 2025 8:32 pm","modified":"Updated on April 24, 2025 8:32 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2495","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/comments?post=2495"}],"version-history":[{"count":2,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2495\/revisions"}],"predecessor-version":[{"id":2504,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2495\/revisions\/2504"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/media?parent=2495"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}