Information Security
Best Practices for Access Control
Access control specifies who can log in to specific systems, what they can do, and when they are allowed to work on specific hosts or applications.
- Access Control Practices and Standards
  - HIPAA - Security Standards Subpart C
  - NIST 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems
  - NIST 800-9 Good Security Practices for Electronic Commerce
  - NIST 800-63 Electronic Authentication Guideline
  - NIST FIPS 112 Password Usage Standard
  - NIST FIPS 113 Computer Data Authentication
  - NIST FIPS 186-2 Digital Signature Standard
  - NIST FIPS 201 Personal Identity Verification for Federal Employees and Contractors
- Tufts University Related Practices and Policies
  - Information Technology Responsible Use Policy
  - Eligibility for Information Technology
  - E-mail Accounts and Addresses
  - AMAS Department Self-Assessment for Internal Controls
  - TCCS Microsoft LAN Account Standard
- Technical standards and related links
  - NIST Role Based Access Control RBAC Standard
  - OASIS eXtensible Access Control Markup Language (XACML) Specification
  - OASIS Security Assertion Markup Language (SAML)
  - RFC 3744 Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol
  - NIH's eRA Password Policy