Identity Security Governance Overview
The Texas A&M University System maintains a coordinated identity security posture rooted in clear governance expectations, standardized security controls, and respect for the operational independence of each system member. Identity governance and administration (IGA) functions--such as account lifecycle management, role assignment, provisioning, and access oversight--remain the responsibility of each member institution. This approach preserves the long-standing principle that members manage their own user populations, business processes, and operational workflows, while still aligning to system-level requirements that ensure consistency, interoperability, and security across the enterprise.
System-Level Requirements
While members retain discretion in how they implement and operate their local identity governance capabilities, several requirements are established through system security control standards and associated cybersecurity policies. These requirements define the minimum conditions under which identity systems must operate to safeguard institutional resources and protect shared services.
Multi-Factor Authentication (MFA)
All members must enforce multi-factor authentication for institutional systems that handle sensitive data, provide administrative access, or interface with shared enterprise services. The use of MFA is a cornerstone of the system’s defense-in-depth model, reducing the risk of credential compromise and ensuring that every entity accessing protected resources is strongly verified. Read more about approved MFA methods here.
Identity Proofing for Medium-Assurance Identities
Users who require medium assurance—typically those accessing elevated, sensitive, or cross-institutional services (also known as Identity Assurance Level (IAL) 2)—must undergo appropriate identity proofing. Members may use approved electronic verification, in-person validation, or system-defined proofing mechanisms that meet assurance criteria. This requirement ensures that identities accessing critical services are trustworthy, traceable, and validated according to consistent standards. Read more about the InCommon Federation's Baseline Expectations here.
Participation in TAMUFederation and InCommon Federation
Members are required to participate in both TAMUFederation and the InCommon Federation to support secure inter-institutional authentication and federated access. These federations provide a trusted framework for identity interoperability across the system and with national research and academic partners. Participation enables members to retain control of their local identity stores while ensuring their identities can be securely recognized and trusted by shared services and external collaborators. Read more about TAMUFederation and InCommon Federation.
Member Discretion Within a Unified Framework
The governance model is intentionally flexible. Each system member may select the tools, platforms, and administrative processes that best support its environment, provided these selections comply with established system standards. This balance supports innovation, preserves institutional autonomy, and upholds the system’s long-standing culture of member-led IT management—while ensuring identity security remains strong, uniform, and aligned with modern requirements.