Knowledge Management provides information technology systems, tools, governance, and support to facilitate the creation and management of data and the use of information and knowledge for effective analysis and decision making at both the System and institution levels. IT Management establishes and advances an environment and a set of practices that support agile and accessible collection, transformation, warehousing, retrieval, analysis, and exchange of vital enterprise data and decision-support information.
The following definitions of shall, will, must, may, may not, and should are used throughout this Handbook.
- Shall, Will, and Must indicate a legal, regulatory, or policy requirement. Shall and Will are used for persons and organizations, and Must for inanimate objects.
- May indicates an option.
- May Not indicates a prohibition.
- Should indicates a recommendation that, in the absence of an alternative providing equal or better protection from risk, is an acceptable approach to achieve a requirement. The focus of “should” statements generally is more outcome-based; i.e., an alternate method to achieve the requirement may be developed assuming it is documented as effectively managing risk.
The following definitions of Critical System, Principle of Least Privilege (PoLP), Sensitive Information, System Owner, and Users are used throughout this section.
- A Critical System is a system whose failure or malfunction will result in not achieving organization goals and objectives.
- The Principle of Least Privilege (PoLP) describes the minimal user profile or access privileges to information resources, based on allowing access to only what is necessary for users to successfully perform their job requirements.
- Sensitive Information is information maintained by USG institutions, the USO, and the GPLS that requires special precautions, as determined by institution standards and risk management decisions, to ensure its accuracy and integrity by using integrity, verification, and access controls to protect it from unauthorized modification or deletions.
- A System Owner is the manager or agent responsible for the function that is supported by the resource or the individual upon whom responsibility rests for carrying out the program that uses the resources. The system owner is responsible for establishing the controls that provide the security. The system owner of a collection of information is the person responsible for the business results of that system or the business use of the information.
- Users are individuals who use the information processed by an information system.
|Section Number||Section Name||Compilation Date||Published Date||Compliance Date||Revision Date(s)|
| ||User Account Management||November 2012||March 2013||July 2013||May 2014|