Special Access Policy

Tags policy

What Is It?

This policy provides a set of requirements for the regulation of special access use on the Montana Tech Computer System. This policy will provide a mechanism for the addition and removal of people from the special access status and a mechanism for periodic reviews of the special access status.

Special Access Policy

This policy provides a set of requirements for the regulation of special access use on the Montana Tech Computer System. This policy will provide a mechanism for the addition and removal of people from the special access database and a mechanism for periodic reviews of the special access status. The documents to be included as parts of this policy are the Special Access Request form and the Special Access Guidelines agreement. 
 
1.0 Policy For Regulation of Special Access Accounts:
 
1. Special access on Montana Tech systems is maintained and monitored at the discretion of Montana Tech Network Services.
2. Passwords for special access accounts must be changed on a regular basis, as suggested by Montana Tech CSO and CSA.
3. Individuals authorized to receive special access elevation or passwords should be required to pick up and sign for said passwords from local authority.
4. Special access is only provided to individuals who need said access to perform their job.
5. Any misuse of special access privileges must be reported to the Montana Tech Computer Security Officer, CSO, within 24 hours.
6. System, Administrative or root accounts are to be strictly limited and monitored by the Montana Tech CSO, CSA or LSA
7. Persons requesting special access must follow all procedures outlined in section 2.0 of this document.
8. Persons who misuse their special access privilege can have said access revoked as outlined in Section 4.0 of this document.
9. Contents of the special access database is reviewed on a periodic basis as outlined in Section 3.0 of this document.
10. All persons who currently (prior to the approval of this policy) have special access are required to submit a completed Special Access Request form and a signed Special Access Guidelines agreement.
 
2.0 Policy for Acquiring Special Access:
 
1. All persons requesting special access must complete a Special Access Request form. A separate form must be completed for each resource.The appropriate people for approval should be listed.
2. All persons requesting special access must read and sign the Special Access Guidelines Agreement. This agreement discusses the do’s and don’ts of using special access. Once a person signs the agreement he/she is then bound to abide by its contents. The signed copy original should be kept by the appropriate authority.
3. Any person refusing to sign the Special Access Guidelines Agreement will not be provided special access.
4. Persons with special access are to inform the Montana Tech Computer Security Officer and/or the Montana Tech Network and Systems Manager if their special access requirements change.
 
3.0 Policy for Performing a Periodic Review of the Special Access Database:
 
1. A review of the special access database will be made on a regular basis or as determined by the Montana Tech Computer Security Officer (CSO). The review process will involve the following steps:
2. Two reports have significance. One report lists special access by system and access type. The second report lists the access by person (i.e., for each person, all access given to that person is listed).
3. If anyone determines that an individual needs to be added to other special access groups, that individual must submit a Special Access Request form requesting additional access to the appropriate resources administrator (e.g., print operators, power users)

4.0 Policy for Removing People From the Special Access Database:
 
1. A person may be removed from the special access status for one of three reasons:  the person no longer works at Montana Tech  the person no longer needs special access due to a change in job duties  the person has violated the Special Access Guidelines agreement.
2. A person may be removed from the special access status at any time as determined by the Montana Tech CSO during one of the regular reviews of the database as described in Section 3.0.
3. The procedures for removing a person from the special access database are as follows: 
 
Case One: Person no longer works at Montana Tech
1. Fill out a Separation of Service form implying the removal of all access.
2. Have Montana Tech Computer Security Officer, or his designated assistant, sign form.
3. Secure or remove special access status immediately.
 
Case Two: Person no longer needs special access due to a change in job duties
1. Fill out Special Access Request Form specifying the removal of elevated access(es).
2.  Have appropriate Subsystem Managers and/or Resources Administrator sign form        
3. Secure or remove special access status immediately.
 
Case Three: Person violated the Special Access Guidelines agreement
1. Appropriate people (i.e., Subsystem manager, Resource Manager Montana Tech Computer Security Officer, Dean, Department Head) must decide if the violation constitutes removal of all special access of that person or just the special access involved.
2. Fill out appropriate forms specifying removal of appropriate access; have appropriate administrators sign.
3. Secure or remove special access status immediately.