Body
To help ensure the security and accountability of university users and related computer systems being accessed, users' access must abide by the following standards.
Requirements
- Access to most computing resources is controlled and monitored by the usage of user accounts
- A user's account may not be transferred to another person or group.
- Individuals receiving a user account assume responsibility for all computing activity performed under that user account (whether he or she personally performs the activity or not)
- Users must authenticate to the computing resource using the named account issued to them, not a generic resource account, for authentication purposes.
- University IT support staff may use special accounts not following account standards while performing support duties.
- All remote administrator tasks must be performed through secure protocols.
- Remote access to workstations must be established through the use of secure technologies.
- Third-party remote access (i.e. vendor support) must be conducted using secure methods.
- Access should be limited to the duration of an incident or support request and should not persist outside of the active issue remediation.