New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.12 - ACCESS CONTROL POLICY
Current through Register Vol. 35, No. 18, September 24, 2024
To preserve the integrity, confidentiality, and availability of the system and the data, the agency's information assets shall be protected by logical as well as physical access control mechanisms commensurate with the value and sensitivity of the system, the ease of recovery of the assets and the direness of consequences, legal or otherwise, if the loss or compromise were to occur.
A. Agencies' CIOs are responsible for determining who shall have access to sensitive and protected information resources within the agency. Access privileges shall be granted by the CIO in accordance with the particular user's role and job responsibilities in the agency.
B. Agency enforcement of its access control policy shall be verified during an independent annual risk assessment which shall be performed by DoIT or a DoIT approved contractor.