This policy ensures that users are authorized before being given access to information systems, where feasible federated identity mechanisms should be used to integrate access controls of cloud services and mobile devices with internal systems.
Risks Addressed by Policy:
- Information systems could be accessed illicitly.
- Security of information systems can be compromised.