IT Account and Access Procedure
Revision History

Version  Date     Editor      Nature of Change
1.0      3/23/06  Kelly Matt  Initial Release
Table of Contents

1.0 Overview ... 1
2.0 Purpose ... 1
3.0 Scope ... 1
4.0 Passwords ... 1
  4.1 User Requirements ... 1
  4.2 Technical Requirements ... 1
  4.3 Procedural Requirements ... 2
  4.4 Bad Password Practices ... 2
  4.5 Password Self Service ... 3
5.0 Account Management ... 3
  5.1 Account Taxonomy ... 3
  5.2 Granting Access ... 3
  5.3 Administrative Accounts ... 3
    5.3.1 Administrative Account Password Requirements ... 4
    5.3.2 Two-factor authentication for Administrative Account
  5.4 Temporary Privilege Accounts ... 4
  5.5 Reevaluation of System Access ... 4
  5.6 Revoking Access ... 4
6.0 Enforcement ... 4
7.0 Related Policies, Procedures, and Codes of Conduct ... 4
Appendix A: Active Directory Password Configuration ... 5
Appendix B: IT Account and Access Procedure Exception ... 6
1.0 Overview

All individuals who access the University of Northern Colorado's computing infrastructure have a responsibility to safeguard these systems and data. User accounts and passwords are two mechanisms through which this is accomplished. This procedure establishes the rules by which user accounts and passwords should be managed and used on any computing resource belonging to the University.

2.0 Purpose

The ability to access information and/or application systems within UNC's computing environment must be based on clearly defined business requirements. This document aids in establishing a clear definition for account and password management.

3.0 Scope

This Procedure applies to employees, contractors, consultants, temporary employees, and other workers at UNC, including all personnel affiliated with third parties. This Regulation applies to all equipment that is owned or leased by UNC.

4.0 Passwords

Passwords are an important form of protection used to ensure that the University's information is stored and processed in a secure manner. Due to this, passwords must be defined and implemented in accordance with a minimum set of standards. This section establishes the rules by which passwords should be assigned and used on any computing resource belonging to the University.

4.1 User Requirements

- Users are responsible for all activity performed with their individual user-id. User-IDs may not be utilized by anyone other than the individuals to whom they have been issued.
- Users must not allow others to perform any activity with their user-ids. Similarly, users must not perform any activity with IDs belonging to other users.
- Users must choose their own passwords. They should not be easily guessed, but easy enough for the user to remember without writing them down.
- Users are responsible for maintaining the security of their passwords. Passwords should NEVER be shared, written down, or stored electronically. If a user must write a password down, it should never be written on something that can be associated with the user (e.g. business cards).
- If passwords need to be stored electronically, an encryption schema that is approved by the Office of Information Security must be used. (See Appendix B: IT Account and Access Procedure Exception.)
- The sharing of a single user ID or associated password among several users is prohibited.
- Prior to receiving an account, all users must sign a statement acknowledging that they have received and reviewed the university's IT acceptable use regulation.
- Access to various types of information may be blocked. Individuals will be required to obtain appropriate approval prior to being allowed access. Individuals accessing university data without a valid business need may be subject to disciplinary action.
- If a user believes their password has been compromised, the user should contact the UNC Technical Support Center immediately for assistance.

4.2 Technical Requirements

- Personal computers shall have a screen saver password set to automatically engage after 10 minutes of inactivity.
- Where technically feasible, all systems will at a minimum prompt for a user ID and employ passwords for account access.
- All accounts must be disabled after 5 unsuccessful logon attempts.
- Where technically feasible, password complexity must be programmatically enforced.
- Passwords must be a minimum of 9 characters long for all user accounts.

Page 1 9/26/2006
- Passwords should not be displayed in plain text on the monitor when entered.
- Where technically feasible, single-sign-on technology should be used.
- Passwords must contain characters from at least three of the following four classes:
  - Upper case letters
  - Lower case letters
  - Numeric (0 to 9); this should not be the first or last character
  - One special character; this should not be the first or last character
- Where technically feasible, a password history of 14 passwords must be retained to limit password reuse.
- Where technically feasible, the minimum password age shall be 1 day.
- User accounts must change passwords every 90 days.
- Users must be able to change their own password independent of any external party.

4.3 Procedural Requirements

- Administrative accounts must follow the procedures identified in section 5.2.1.
- TSC personnel must verify the identity of a user prior to resetting the password. Identity verification may be done by using voicemail call back or by some other approved form of identity verification.
- A system administrator must manually unlock accounts.
- New accounts, or accounts for which a password has been reset, must be set to expire at the next login attempt.
- Passwords must not be embedded in scripts or application code and will not be used in URL passing.
- For internet applications, separate delivery of the user ID and password is required.
- All new or reset passwords must meet complexity rules and be randomly generated.
- No common or default passwords will be used. No default system and application passwords are allowed.
- Passwords exempted from regular changing must have an approved exception. Exceptions must be approved by the Office of Information Security and the appropriate director for the respective IT unit. The password will be a minimum of 12 characters (or the maximum permitted by technology, whichever is less) in length. Upon renewal of the exception, the password must be changed.
- User accounts with non-expiring passwords are prohibited.

4.4 Bad Password Practices

The following are some examples of practices and behaviors that can result in weak or bad passwords.
Under no circumstances should individuals use passwords that utilize the following:

- Passwords that match the account ID
- Passwords that contain the user account owner's name (first, middle or last)
- Passwords that contain the user's Bear ID or Social Security number
- Any vendor or product name
- Any consecutive or repeating keyboard characters, e.g. 123, jkl

Individuals are strongly urged not to use the following when creating their passwords:

- The name of a food, celebrity, sport or sports team
- Words that are found in common dictionaries, English or otherwise
- Sequential passwords
- Passwords that contain family member or pet names
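As an added illustration (not part of the procedure), the following Python checker implements the section 4.2 complexity rules, the section 4.3 requirement that new or reset passwords be randomly generated, and the "under no circumstances" list from section 4.4. The special-character set and the keyboard rows used to detect runs like "jkl" are assumptions, since the procedure does not enumerate them.

```python
import secrets
import string

UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits
SPECIAL = "!@#$%^&*()-_=+[]{};:,.?/"          # assumed set; the procedure does not list one
# Assumed US keyboard rows, used to detect "consecutive keyboard characters" (e.g. 123, jkl).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def _class_count(pw):
    """Number of the four 4.2 character classes present in pw."""
    return sum(any(c in cls for c in pw) for cls in (UPPER, LOWER, DIGITS, SPECIAL))

def _has_keyboard_run(pw, length=3):
    """True for a run of `length` consecutive keyboard/alphabet characters or a repeated character."""
    low = pw.lower()
    for row in KEYBOARD_ROWS + [DIGITS, LOWER]:   # LOWER also catches alphabetic runs such as "abc"
        if any(row[i:i + length] in low for i in range(len(row) - length + 1)):
            return True
    return any(low[i] == low[i + 1] == low[i + 2] for i in range(len(low) - 2))

def check_password(pw, account_id, name_parts=(), id_numbers=()):
    """Return the list of violated rules; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < 9:                                              # 4.2: minimum length
        problems.append("shorter than 9 characters")
    if _class_count(pw) < 3:                                     # 4.2: three of four classes
        problems.append("fewer than three character classes")
    if pw and (pw[0] in DIGITS or pw[-1] in DIGITS):             # 4.2: digit placement
        problems.append("digit as first or last character")
    if pw and (pw[0] in SPECIAL or pw[-1] in SPECIAL):           # 4.2: special placement
        problems.append("special character as first or last character")
    if pw.lower() == account_id.lower():                         # 4.4: matches account ID
        problems.append("matches account ID")
    if any(n and n.lower() in pw.lower() for n in name_parts):   # 4.4: owner's name
        problems.append("contains account owner's name")
    if any(n and n in pw for n in id_numbers):                   # 4.4: Bear ID / SSN
        problems.append("contains Bear ID or SSN")
    if _has_keyboard_run(pw):                                    # 4.4: 123, jkl, aaa
        problems.append("consecutive or repeating keyboard characters")
    return problems

def generate_password(length=9):
    """Randomly generate a password that passes check_password (4.3 requires random resets)."""
    alphabet = UPPER + LOWER + DIGITS + SPECIAL
    while True:
        inner = "".join(secrets.choice(alphabet) for _ in range(length - 2))
        # Ends are letters because digits and specials may not be first or last.
        pw = secrets.choice(UPPER + LOWER) + inner + secrets.choice(UPPER + LOWER)
        if not check_password(pw, account_id=""):
            return pw
```

Passing 14 to generate_password yields a candidate for the section 5.3.1 administrative length; dictionary and family-name checks from the "strongly urged" list would need external word lists and are not included.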
4.5 Password Self Service

Password Self Service is a powerful and very useful tool. This technology can reduce support costs and significantly reduce support calls. The benefits from these tools are significant. However, due to the very powerful nature of these tools, precautions must be in place to guard against misuse and abuse. The following are base level guidelines that a password self service solution must meet.

- Servers and systems used to provide password reset activities must be sufficiently secured and have limited, well defined access rights.
- All password reset related activities must be handled via an encrypted channel. At no point in the password reset process should any data used to reset passwords be passed in clear text.
- Information gathered and used to perform password resets must be sufficiently unique to the given individual. Information that a large number of individuals may have in common should not be used to reset user passwords.
- Information gathered and used to perform password resets must not be easily guessed or easily obtained. Examples include but are not limited to the following:
  - Mother's maiden name
  - Date of birth
  - Place of birth
  - Favorite color

5.0 Account Management

User accounts are the primary form of digital identity and access to UNC computing resources. As such, it is vitally important that these digital identities be managed in a consistent fashion. The following outlines account management practices for the University of Northern Colorado.

5.1 Account Taxonomy

The following naming standards will be used for all accounts created within the university's computing environment.

- User accounts: first name.last name
- Administrator accounts: last.admin
- Service accounts: unique description.service (In addition to a standard description, a primary contact must be defined and documented in a description or comments field for the account. The primary contact should be defined by position as well as name.)

5.2 Granting Access

- Network access must be granted based on business requirements. Privileges will be granted only when there is a legitimate need.
- User accounts require proper authorization prior to being established.
- To maintain individual accountability and system integrity, user IDs must be unique within and across computing platforms. Each computer and communication system user-id must uniquely identify only one user.
- Shared or group user-ids are permitted only when the use of a unique user-id is not feasible. Exceptions must be documented and approved by management and the Office of Information Security.

5.3 Administrative Accounts

Each request for administrative rights will be made in writing and will include the following:

- Justification for the need for the account
- Line management approval
- Information Security Office approval
- IT Management approval

5.3.1 Administrative Account Password Requirements

Accounts that have elevated privileges must adhere to the following password requirements:

- All administrative accounts, technical support accounts, and accounts deemed to have privileged access must change their password every 45 days.
- These accounts, where technically feasible, must make use of a 14 character password.
- Passwords, where technically feasible, must consist of uppercase, lowercase, numbers, special characters, and extended ASCII characters.

5.4 Temporary Privilege Accounts

- Temporary privilege accounts will be re-evaluated every 6 months.
- Temporary privilege accounts will only be issued at the discretion of the UNC Information Security Office with the approval of IT management.
- Duration of such accounts will be negotiated based upon the business need and only when there is no viable alternative solution.
- These accounts will be limited in function, allowed only to perform the required task(s).
- Projects: When privileges are granted for a particular project, these privileges will be revoked at the completion of the project.

5.5 Reevaluation of System Access

- System privileges should be reviewed on a periodic basis. Accounts and privileges that are no longer appropriate must be promptly revoked.
- All user accounts that have been inactive for 60 consecutive days will be reviewed, disabled, and deleted from the system as necessary.
- New accounts not activated within 14 days must be disabled.

5.6 Revoking Access

The following guidelines specify the requirements for separation of employees and contractors.

- User accounts shall be immediately disabled upon separation from the university.
- As part of the separation, Human Resources will submit a request to the TSC to have the account disabled.
- Reactivating an account that has been disabled will require the user to follow the initial request process.

6.0 Enforcement

Those found to have violated this regulation may be subject to suspension of computer access privileges.

7.0 Related Policies, Procedures, and Codes of Conduct
All applicable laws and University policies, regulations and procedures bind UNC students and employees.

UNC Acceptable Use Regulation:
Appendix A: Active Directory Password Configuration

Active Directory Password Policy Settings:

Policy                                        Setting
Enforce password history                      14 passwords remembered
Maximum password age                          90 days
Minimum password age                          1 day
Minimum password length                       9 characters
Password must meet complexity requirements    Enabled
Store passwords using reversible encryption   Disabled

Account Lockout Settings:

Policy                                 Setting
Account lockout duration               Lockout until unlocked by admin
Account lockout threshold              5 invalid logon attempts
Reset account lockout counter after    30 minutes
Appendix B: IT Account and Access Procedure Exception

An IT Account and Access Procedure exception can only be granted after a security review and with applicable functional area director approval. Exceptions will only be granted in cases where there is a well justified need and business case for not adhering to IT Security Procedures. Mitigating controls will be required in any case where an exception to this procedure is granted. These controls must be approved by the Office of Information Security and documented in this form. Exceptions are granted for a maximum of 12 months but can be granted for intervals shorter than 12 months. Upon expiration of an exception, a review will be conducted with the requester and the validity of the exception examined. If the exception is still deemed necessary and prudent, the requester must submit a new exception form for the new time period. Passwords for the account must be changed at the expiration of any given exception.

Requester:
Position:
Department:
Account Name:
Technical Reason for Exception:
Business Justification:
Security Requirements and Mitigating Controls:

Security Approval      Print Name:    Sign:    Date:
Unit Director Approval Print Name:    Sign:    Date:

Exception Termination (Max 12 Months):