| Policy Category | Policy Owner | Version Effective Date | Review Cycle | Last Reviewed | Policy Contact |
|---|---|---|---|---|---|
| X. Information Governance, Security & Technology | SVP, General Counsel, and Chief People Officer | August 29, 2023 | Every 2 years | June 11, 2025 | Information Governance |
- Purpose
ĢƵ provides certain individuals network accounts to allow secure access to ĢƵ Information Technology (IT) Resources. The purpose of this Policy is to establish a consistent set of rules and requirements for the creation, administration, and disabling of access to University Accounts issued to individuals who have applied for admission to ĢƵ, are or have been enrolled in credit or non-credit courses through ĢƵ, and individuals who have completed a degree or certificate program at ĢƵ (the "ĢƵ Learner Community") in order to ensure optimal use of resources while maintaining network security. - Scope
This Policy applies to all individuals including Contractors who are responsible for the creation, management and/or administration, and disabling of University Accounts for the ĢƵ Learner Community. A separate policy, ĢƵ Policy X-1.19B – Account Management (ĢƵ Workforce), applies to the administration of Accounts for those individuals. - Definitions
Defined terms are capitalized throughout this Policy and can be found in the Information Governance Glossary. - Policy Statements
- The creation of and access to Accounts will be based on internal administrative guidelines maintained by ĢƵ and applicable Contractors.
- Information System Stewards shall review Accounts on a periodic basis to determine that the level of User access to these Accounts is appropriate and consistent with the concept of Least Privilege.
- ĢƵ and applicable Contractors, shall ensure that access to IT Resources is disabled when access is no longer required.
- Enforcement
- Anyone with knowledge of an alleged violation of this Policy should notify Information Security as soon as practicable.
- Any employee, Contractor, or other third-party who violates this Policy may be subject to disciplinary action, up to and including termination of employment or contract.
- Standards Referenced
- Most recent versions:
- USM IT Security Standards
- NIST SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”
- Cybersecurity Maturity Model Certification (CMMC)
- Most recent versions:
- Related Policies and Procedures