Cyber Security Policy Manual

U SER P ROVISIONING P OLICY

P URPOSE The purpose of this policy is to define the access control principles for creating and removing user accounts and granting access to systems and applications to protect the City of Greensboro’s systems and information from unauthorized access and disclosure. S COPE This policy applies to: 1) All information technology assets owned and operated by the City of Greensboro 2) All City of Greensboro Employees 3) All City of Greensboro Suppliers, contractors and consultants

D EFINITIONS Authentication

The process of identifying an individual based on username and password. It ensures that the individual is who he/she claims to be The process of granting or denying access to a network resource based on user identity. It ensures that only authorized users gain access to network resources The process of keeping track of user’s activities while accessing network resources. It identifies malicious behavior on the network and helps with trend analysis, planning and auditing An approach to restricting system and application access to authorized users based on the role they hold at the City

Authorization

Accounting

Role-based access control

R OLES AND RESPONSIBILITIES Function

Responsibility

Cyber Security Team

1. Review requests for privileged and service accounts and approve/deny these requests 2. Monitor and review the use of privileged accounts 3. Conduct reviews of accounts and passwords to ensure compliance with policy 4. Ensure that accounts provisioned adhere to the policy

Cyber Security Policy Manual

25