User Access Standards

To help ensure the security and accountability of university users and related computer systems being accessed, users' access must abide by the following standards.

Requirements

1. Access to most computing resources is controlled and monitored by the usage of user accounts
   • A user's account may not be transferred to another person or group.
2. Individuals receiving a user account assume responsibility for all computing activity performed under that user account (whether he or she personally performs the activity or not)
3. Users must authenticate to the computing resource using the named account issued to them, not a generic resource account, for authentication purposes.
   • University IT support staff may use special accounts not following account standards while performing support duties.
4. All remote administrator tasks must be performed through secure protocols.
5. Remote access to workstations must be established through the use of secure technologies.
6. Third-party remote access (i.e. vendor support) must be conducted using secure methods.
   • Access should be limited to the duration of an incident or support request and should not persist outside of the active issue remediation.