IAM Ongoing Efforts - UWM Credential Assurance

What

The UWM IAM Credential Assurance initiative will implement required changes to how UWM electronically identifies individual members of the community using the ePantherID and associated password. Compliance with the initiative’s processes and procedures will be enforced by Section III D of the UW-Milwaukee Information Security Policy. At the request of UW System, UITS submitted an estimated time line to reach compliance by September 2012.

Why

  • Some members of the campus community need access to sensitive personal information while doing their jobs. Increasingly this access requires a higher level of protection and this higher protection is already a requirement for the HRS service. This higher level of protection may be desirable for services such as PAWS for the same risk management reasons that motivated the HRS requirement.
  • UWM’s goals of expanding its research portfolio and providing higher education access to the broadest possible audience will be facilitated by adopting the appropriate practices and framework for federation through InCommon (incommon.org).

How Does This Initiative Affect the Campus Community?

  • Some Individuals that must have an ePantherID with an associated strong credential will be required to follow additional processes to obtain their ePantherIDs, and establish and maintain their passwords over time. 
  • There may be changes to how services are delivered. These changes will likely be low impact but may require formalizing some processes and discontinuing other processes or past accommodations.

How Does This Initiative Affect Campus IT Professionals?

  • Individuals responsible for the design, implementation, deployment, ongoing maintenance, or operation of any service that stores or has access to the clear text version of the credential associated with the ePantherID will be subject to additional information security compliance requirements and be required to follow additional IT service management processes and procedures. 
  • Individuals responsible for the design, implementation, deployment, ongoing maintenance, or operation of any service that validates or utilizes the credential associated with the ePantherID may be required to follow additional IT service management processes and procedures.

More Information