Section 8060 of the California State University Information Security Policy, entitled Access Control, requires that campuses establish appropriate controls to protect assets containing Level 1 and Level 2 protected data. Campus identity management systems use approved affiliation definitions to create and remove accounts and provide basic access for individuals affiliated with the University. This procedure is intended to formalize the governance process as it relates to identity management and changes to the University's identity management infrastructure.
This procedure applies to all Humboldt State University students, employees, affiliates, contractors, and auxiliary organization members, as well as other individuals authorized to perform identity management functions on behalf of the University.
- Data Manager Governance Group. The Data Manager Governance Group consists of administrators, CMS Access granters, and data owners from across campus. The Data Manager Governance Group provides Identity Management governance to the University.
- IdM Technical Team. The IdM Technical Team consists of functional staff from Payroll, Human Resources, Faculty Personnel, Enterprise Data Management and other technical experts involved with the development and maintenance of business processes and other Identity Management infrastructure. Changes are reviewed by this team prior to being submitted to the Data Manager group.
- Enterprise Data Management. The Enterprise Data Management team is the IT group that manages the campus Identity Management Infrastructure. Changes to systems and services maintained by the IdM group follow approved change control procedures. IdM governance reviews changes to affiliation definitions and services.
- Information Security. The Information Security Office is responsible for the management and coordination of affiliation definitions. The Information Security Office should also review business process, affiliation definition, and Identity Management system changes that might impact the confidentiality, integrity, or availability of sensitive information resources.
- All identities within the identity registry will be assigned a single, unique ID number and user name. HSU ID numbers and user names will never be re-issued to a different identity.
- The University will participate in identity federation, whereby holders of an HSU identity may be granted access to resources hosted outside the University, and holders of an identity from a federated entity may be granted access to resources hosted by the University.
- PeopleSoft HCM business processes and business process guides that affect identity management should be reviewed by the IdM Technical Team and approved by the Data Manager Governance Group prior to implementation.
- Changes to affiliation or account definitions should be reviewed by the IdM Technical Team and approved by the Data Manager Governance Group prior to implementation.
- Changes to the central IdM registry system should follow HSU enterprise change control procedures (www.humboldt.edu/its/service-profiles/).
- The Director of Enterprise Technology will review the list of authorized employees twice a year, in January and June, and verify the list against current signed authorization forms.