Definitions
Account: Any combination of a User ID (sometime referred to as a username) and a password that grants an authorized user access to a computer, an application, the network, or any other information or technology resource.
Inactive: Accounts that are inactive are defined as any Account that has not been identified as participating or being enrolled at Montana Tech for more than one Year. This includes but is not limited to Students or Dual Enrollment Accounts. Any Alumni or retiree Accounts that have been left unused for 6 months will be removed.
Security Administrator: The person charged with monitoring and implementing security controls and procedures for a system. Whereas Montana Tech may have one Information Security Officer, technical management may designate a number of security administrators.
System Administrator: The person responsible for the effective operation and maintenance of information systems, including implementation of standard procedures and controls to enforce an organization’s security Procedure.
Overview
Computer accounts are the means used to grant access to Montana Tech's information systems. These accounts provide a means of providing accountability, a key to any computer security program, for Montana Tech usage.
This means that creating, controlling, and monitoring all computer accounts is very important to an overall security program.
Purpose
The purpose of this Procedure is to establish a standard for the creation, administration, use, and removal of accounts that facilitate access to information and technology resources at Montana Tech.
Audience
This Procedure applies to the Employees, Students, Directors, volunteers, contractors, consultants, temporaries, and other workers at Montana Tech, including all personnel affiliated with third parties with authorized access to any Montana Tech information system.
Procedure Detail
Accounts
- Accounts are created based on the data entered into HR for Employees and Admissions/Enrollment for Students
- All accounts must be uniquely identifiable using the assigned username.
- All default passwords for accounts must be constructed in accordance with the Montana Tech Password Procedure.
- All accounts must have a password expiration that complies with the Montana Tech Password Procedure.
- Concurrent connections may be limited for technical or security reasons.
- All accounts must be disabled immediately upon notification of any employee’s termination.
Account Management
The following items apply to System Administrators or designated staff:
- Information system user accounts are to be constructed so that they enforce the most restrictive set of rights/privileges or accesses required for the performance of tasks associated with an individuals account.
- All information system accounts will be actively managed. Active management includes the acts of establishing, activating, modifying, disabling, and removing accounts from information systems.
- Access controls will be determined by following established procedures for new employees, employee changes, employee terminations, and leave of absence.
- All account modifications must have a documented process to modify a user account to accommodate situations such as name changes and permission changes.
- Information system Student Accounts are to be reviewed Annually to identify inactive accounts. If a Student account is found to be inactive (Inactive Accounts) for more than 365 days, the Account will be disabled pending deletion. If the individual utilizing the Account Contacts Montana Tech regarding their Account, a temporary 7 day grace period can be granted to restore access. After the 7 day grace period has expired, no additional time will be allotted and the Account will be scheduled for deletion.