Board Policies & Procedures

7008 Identification and Authentication

The college shall utilize automated mechanisms to enforce Multi-Factor Authentication (MFA) for remote network access, third-party systems, applications, and services, as well as non-console access to critical systems or systems that store, transmit, and/or process sensitive/regulated data.

In accordance with NIST 800-53r5 controls, the college shall enforce a Role-Based Access Control (RBAC) policy that applies need-to-know and fine-grained access control for sensitive/regulated data access.

The organization will enforce Logical Access Control (LAC) permissions that adhere to the principle of "least privilege," ensuring that users only have access to the resources necessary to fulfill their job responsibilities.

The college implements NIST 800-53r5 control AC-6 (Least Privilege) to ensure that only authorized users have access to resources and information necessary to conduct their assigned tasks in alignment with the college's business functions.

The college shall develop and maintain documented incident response processes and procedures in accordance with NIST 800-53r5 controls to ensure an organization-wide capability to promptly detect, respond to, and recover from cybersecurity and data privacy incidents.

Adopted Date
09-26-2024