Statutes, codes, and regulations
New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATIONChapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.12 - ACCESS CONTROL POLICY

N.M. Admin. Code § 1.12.20.12

Download
PDF
Current through Register Vol. 35, No. 24, December 23, 2024
Section 1.12.20.12 - ACCESS CONTROL POLICY

To preserve the integrity, confidentiality, and availability of the system and the data, the agency's information assets shall be protected by logical as well as physical access control mechanisms commensurate with the value and sensitivity of the system, the ease of recovery of the assets and the direness of consequences, legal or otherwise, if the loss or compromise were to occur.

A. Agencies' CIOs are responsible for determining who shall have access to sensitive and protected information resources within the agency. Access privileges shall be granted by the CIO in accordance with the particular user's role and job responsibilities in the agency.
B. Agency enforcement of its access control policy shall be verified during an independent annual risk assessment which shall be performed by DoIT or a DoIT approved contractor.

N.M. Admin. Code § 1.12.20.12

1.12.20.12 NMAC - N/E, 4/14/2010