Number: 
Creation Date:  2024-11-21
Category:  Risk Management
Effective Date:  2024-11-21
Version:  1.0
Last Reviewed:  2024-09-12
Security Classification:  Protected A
Scheduled Review Date: 2025-11-30
Status:  Approved

Description:
Please note that information classified as Protected (per the Data and Information Security Classification standard) is only accessible to Government of Alberta Employees. External users are therefore not able to download this document. To request access, please contact us: imt.policy@gov.ab.ca.

​​​This directive establishes minimum cybersecurity requirements to control who and what can access GoA systems and data. It ensures that the right individuals gain access to the right materials and records at the right time, as well as making it safe, secure, and simple to change access rights, group memberships, and other key attributes as users and systems, change, are added, or removed​.​​​​​​​


Keywords: authentication, access requests, privileged accounts, separation of duties, least privilege, need to know, zero trust