IS&T Policies: Access Control Policy

News and information about MIT’s central IT department


MIT's building access control and physical security technology infrastructure is managed by IS&T with oversight and guidance from the Campus Safety Working Group and subject to governance by the Information Technology Policy Committee and Information Technology Governance Committee.

Only digital credentials issued via the MIT Atlas mobile application, cards printed by MIT kiosks, or cards issued by the Atlas Service Center are permitted to be used with MIT access control systems. Departments, labs, and centers at MIT may not produce or issue alternative credentials or devices for use with MIT building access control or physical security systems.

MIT's access control systems collect information outlining the locations, dates, and times where ID cards have been used. This information is held in the strictest of confidence. Records are generally retained for 90 days. Within that period, information may only be used in the following ways:

  • IS&T may use card access log information for system maintenance purposes, to troubleshoot problems with card access or security equipment, or problems with the ID cards themselves.
  • The MIT Police is the only group that will be granted card access log data upon request. MIT Police may request card access log data as part of a criminal investigation.


  • Any request for card access logs outside of MIT Police must be approved by the MIT Campus Safety Working Group (CSWG).
  • IS&T may refer requests for review as needed by the CSWG for anything relating to MIT's access control and physical security systems.