Authorization Rules: Controls will be configured to ensure access is approved only for company/corporate employees. These controls will be set up based on the employees' positions (job roles) to ensure they can access only what is required to perform their duties. The policy will include group membership policies as well as authority-level policies. Employee access will be assigned to the appropriate groups and authority-level policies.
Identification Rules: Employees of Richmond Corporation will be given an employee identification number. Every employee will also have a key badge in order to enter their building and/or floor if the building contains elevators. The unique employee ID number will be engrained into the employee badge and will be used to allow employees to access the corporate system.
Authentication: The key badge given to each employee will be used to allow access and authenticate that employee. An initial temporary password will be applied to each employee's logon information, and the employee will be required to change the password on first login. The policy will be set up to ensure that employees create strong passwords and are required to change their passwords every 60 to 90 days. Employees at higher levels who have access to sensitive information may also be required to use two-factor authentication, such as fingerprint biometric access, to get into rooms and buildings and/or simply log in to their computer system. PINs will be used to access server rooms. Tokens will be issued to provide access remotely to allow for secure logins.
Accountability: The Richmond Corporation IT department will keep records of log files to be able to see who has logged into the system and when. The IT department will ensure they keep backup files of required resources. They will apply access controls using different levels of restriction and access. Multiple security controls will be in