PROCEDURE
PAGESUBJECT / PROCEDURE: INFORMATION SYSTEMS—AUTHORIZATION FOR COLLEGEWIDE NETWORK SECURITY PASSWORDS / P1.8106-XXX
LEGAL AUTHORITY / P6Hx23-1.8106 / 10/17/01
Revision #01-10
P6Hx23-1.8106 PROCEDURE: INFORMATION SYSTEMS—AUTHORIZATION FOR COLLEGEWIDE NETWORK SECURITY PASSWORDS
PURPOSE AND INTENT:
To provide a procedure for authorizing and administering the assignment of user accounts and passwords to access the college-wide data communications network.
PROCEDURES—GENERAL:
Because of the importance placed upon user accounts and passwords, and their role in controlling access to the college-wide data communications network, the authorization for assigning or changing user accounts will be given by the Cabinet member to whom the holder ultimately reports. There will be no access without the Cabinet member’s approval. In the absence of that Cabinet member, the vice president of Information Systems can give the approval.
Access controls for user accounts and passwords to the College’s data communications network are provided by Microsoft Windows Domain Security software. Protection against unauthorized users, hackers, other potentially destructive intruders are provided by means of user authentication (i.e. user accounts and password), shared resources permissions, and file system permissions within Windows Domain Security.
Day-to-day administration of authorized user accounts and passwords in the Windows Domain is the responsibility of the College’s HelpDesk located at the Health Education Center, and the network technical support specialist(s) (NTSS) located on various College sites.
PROCEDURES—ON-CAMPUS NETWORK ACCESS:
Requests for additions or deletions of user accounts and passwords for the College’s Windows Domain may be initiated by any College employee and submitted for approval to his/her Cabinet member.
Approved requests shall be forwarded in hardcopy or email to the College’s HelpDesk where user accounts are added and deleted as specified.
For new user accounts, the HelpDesk shall establish and provide the user a temporary password and encourage the user to change the temporary password to a person, more secure one at the earliest practical time.
User passwords must be at least six characters in length and may be alpha characters, numeric, or a combination.
User passwords shall expire and therefore must be changed every 60 days, and old passwords cannot be reused for 4 generations.
As a protection against unauthorized log-on, the Windows Domain Security software shall lock out for 30 minutes any user who attempts greater than 7 unsuccessful log-ons in succession.
Requests for user access to shared resources (shared network folders) and file system permissions shall require the same approvals as listed above. Approved requests shall be submitted in writing to the appropriate NTSS.
Upon termination or resignation of an employee, the employee’s manager shall be responsible for requesting, by email or hardcopy to the HelpDesk, that the employee’s user account be terminated. The HelpDesk shall de-activate the account on the day the approved request is received.
Persons who log on, or otherwise gain access to the College’s data communications network without his/her authorized user account and password are in violation of this Procedure and commit a serious breach of security.
PROCEDURES—OFF-CAMPUS REMOTE NETWORK ACCESS:
Remote access to Email and Web based systems shall be, preferable, accomplished via a commercial Internet Service Provider and, thereby, the College’s Internet Firewall.
Remote access via SHIVA Net-modems (i.e. bypass of Firewall), shall be restricted to the College’s technical staff, or specifically identified individual special needs. These requests may be initiated by any College employee, and submitted for review and approval to his/her Cabinet member.
The director of Network Systems, or the vice president of Information Systems shall give final approval to any remote access via SHIVA Net-modems.
Approved requests shall be forwarded in hardcopy or email from the director of Network Systems and TV Operations or vice president of Information Systems to the NTSS that has been assigned administrative rights to add, delete, and modify user accounts on the SHIVA Net-modems.
Persons who log on or otherwise gain access to the College’s SHIVE Net-modems without their authorized user account and password are in violation of this Procedure and commit a serious breach of security.
Specific Authority: 240.319(2) & (3), F.S.
Law Implemented: 240.319 (4)(v), F.S.; Senate Bill 1162, 2001 Legislature; Rule 6A-14.0261, F.A.C.
History: Adopted 2/16/88. Amended 4/12/88, 7/24/90. Effective 7/31/90, formerly numbered P6Hx23-1.810.2.2; 10/17/01. Filed – 10/17/01. Effective – 10/17/01.
P1.8106-XXX