New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.20 - USER REGISTRATION AND MANAGEMENT
Current through Register Vol. 35, No. 18, September 24, 2024
A. A user management process shall be established, documented and provided to all IT staff of the agency which outlines and identifies all aspects of user management including the generation, distribution, modification, and deletion of user accounts. This process shall ensure that only authorized individuals have access to agency applications and information and that such users only have access to the resources required to perform authorized services.
B. The user management process shall include the following sub-processes:
C. The appropriate information owner or other authorized officer shall make requests for the registration and granting of any data access rights.
D. For applications that interact with individuals who are not employees of the agency, including but not limited to employees of other state agencies, approved contractors or approved vendors, the information owner is responsible for ensuring an appropriate user management process is implemented. Standards for the registration of such external users shall be defined by the agency CIO, to include what credentials shall be provided to prove the identity of the user requesting registration, validation of the request, and the scope of access that may be provided.