- About Us
- Web Sites
- Current Issues
- COURSES 16
- General Server Configuration
- Archived Sites
- Pre-Moodle 2
- 2010 Server Rollover
- COURSES 15
- Systems Group
- Data Portal
- Cert Exam App
- Data Updates
- EAHR Advising
- EPSY Grad Application
- Field-Based/Student Teaching
- Grad Review
- HLKN Advising Forms
- Project Achieve
- SPED Prof Phase App
- Student Database
- Student Observations
- Help System
- Windows Utilities
- Linux Utilities
- Hard Drive Data Recovery
- Data Portal Servers
- VM Hosts
- Shutdown Order
- Triplite KVM Switches
- IT Security
Administrative Authority Request Procedure
|Note: "Administrative Rights" is not simply the ability to update software on a computer. It is taking on the full responsibility of the maintenance, security, and reporting for the requested computers. When you request this authority, you are saying that you will provide your own IT support and will not request support from Technology Services other than hardware warranty issues or to re-image your computer. (You also cannot request help from a 3rd party unless you first obtain a vendor contract with A&M where they agree to abide by A&M security rules.)
See https://itsecuritycenter.tamu.edu/requirements/ for the A&M IT security requirements.
Effective December 19, 2016
Texas A&M University has implemented a set of Information Security procedures for the protection of computing devices and the data stored within them. The College of Education and Human Development (CEHD) is responsible for devices owned by any unit within the college and is required to submit an annual security risk assessment on these resources. In addition, the CEHD Dean is required to approve security plans as well as the annual risk assessments for all devices. (TAMU SAP 29..01.03.M0.01 2.5, 3.1, 3.2) The operational responsibility for these devices as well as the creation of risk assessments has been delegated to Technology Services within the CEHD Dean’s Office.
In order to maintain all college devices, administrative control of all CEHD information resources must remain with Technology Services whenever feasible. (Some devices such as tablets do not have the concept of administrative accounts, so are excluded but security plans and risk assessments must still be submitted.) This control allows Technology Services to enforce security policies and system settings, verify that only legally licensed software is installed, as well as implementing other automated tasks.
However, some job responsibilities may require that you can make administrative changes to your system(s) without waiting for Technology Services. In these cases, you may request approval from the CEHD Dean to take over operational responsibility (i.e. administrative authority, admin rights) for specified devices.
As part of this responsibility, you must
- Agree to read, understand, and implement all relevant rules regarding the protection of information resources. (See https://itsecuritycenter.tamu.edu/requirements/)
- Prepare a Security Plan in accordance with TAMU Control Catalog item PL-2. A template is provided.
- Agree to complete an annual risk assessment following requirements from the TAMU Office Information Technology Risk Management and submit the risk assessment to the CEHD ISO by March 1 each year. A reminder with specific instructions will be sent by the ISO at the beginning of each year. A template is provided.
- Submit your security plan and the signed request form to Arlen Strader for review.
- Once the security plan is confirmed to be complete, the plan and request form will be forwarded to the CEHD Dean for approval.
- If approved, you will need to coordinate with Technology Services to setup administrative rights on your computer(s).
(Note: anyone who was granted Admin Rights prior to December 31, 2016 will be grandfathered in so a new request for admin rights is not needed. However, you will need to complete a Security Plan and answers to the NIST questions each year to be included in the college's annual IT security report to A&M.)
- Administrative Authority Request Procedure and Form
- IT Security Plan (Blank)
- NIST Questions
- These 43 questions need to answered and submitted each year as part of annual IT security report.
- Example answers and notes are included to aid you in answering the questions. You should change any answers that differ for your situation.
The IT Security Plan and NIST Question answers will be provided to Auditors in the event of an IT audit.