Identification & Authorization Clause Samples

Identification & Authorization. All Information Resources must require identification and authorization procedures for users to access the Information Resource. Access to Information Resources must require controls such as user credentialing and passwords meeting EOTSS and EOHHS standards. For legacy Information Resources not requiring identification and authorization procedures, a supplemental security plan must be provided which explains why user actions do not require identification and authorization and which demonstrates compensating controls for user authentication.