Definitions
Account: Any combination of a User ID (sometimes referred to as a username) and a password that grants an authorized user access to a computer, an application, the network, or any other information or technology resource.
Inactive: Accounts that are inactive are defined as any account that has not been identified as participating or being enrolled at Montana Tech for more than one year. This includes, but is not limited to, student or dual enrollment accounts. Any alumni or retiree accounts left unused for 6 months will be removed.
Security Administrator: The person responsible for monitoring and implementing security controls and procedures for a system. While Montana Tech may have one Information Security Officer, technical management may designate multiple security administrators.
System Administrator: The person responsible for the effective operation and maintenance of information systems, including implementing standard procedures and controls to enforce the organization’s security procedures.
Overview
Computer accounts are the means used to grant access to Montana Tech's information systems. These accounts provide accountability, a key component of any computer security program, for Montana Tech usage.
Creating, controlling, and monitoring all computer accounts is essential to an overall security program.
Purpose
The purpose of this procedure is to establish a standard for the creation, administration, use, and removal of accounts that facilitate access to information and technology resources at Montana Tech.
Audience
This procedure applies to employees, students, directors, volunteers, contractors, consultants, temporary workers, and other workers at Montana Tech, including all personnel affiliated with third parties with authorized access to any Montana Tech information system.
Procedure Detail
Accounts
- Accounts are created based on data entered into HR for employees and Admissions/Enrollment for students.
- All accounts must be uniquely identifiable using the assigned username.
- All default passwords for accounts must comply with the Montana Tech Password Procedure.
- All accounts must have a password expiration that aligns with the Montana Tech Password Procedure.
- Concurrent connections may be limited for technical or security reasons.
- All accounts must be disabled immediately upon notification of an employee’s termination.
Account Management
- Information system user accounts are to enforce the most restrictive set of rights, privileges, or accesses required for task performance associated with an individual’s account.
- All information system accounts will be actively managed, including establishing, activating, modifying, disabling, and removing accounts from information systems.
- Access controls will follow established procedures for new employees, employee changes, terminations, and leaves of absence.
- All account modifications must follow a documented process to accommodate situations such as name changes and permission changes.
- Information system student accounts are to be reviewed annually to identify inactive accounts. If a student account is found inactive (Inactive Accounts) for more than 365 days, the account will be disabled pending deletion. If the individual contacts Montana Tech regarding their account, a temporary 7-day grace period can be granted to restore access. After the grace period expires, no additional time will be allotted, and the account will be deleted.