USF Network Access Control Policy
Access controls are designed to minimize potential exposure to the University resulting from unauthorized use of resources and to preserve and protect the confidentiality, integrity and availability of the University networks, systems and applications.
Access to the university network will only be provided to users based on their affiliation with the institution, as well as, business requirements, job function, or responsibilities. All additions, changes, and deletions to individual system access must be approved by the appropriate supervisor and communicated to the Director of Network Support Services via email, with a valid business justification.
Network accounts for students are created via an automated system, while faculty and staff accounts are created upon notification from the Human Resources department. Account creation, deletion, and modification, as well as, access to network resources and storage are completed by Network Support Services (NSS).
All users of the university network will abide by the following set of standards:
- Users will be provided a unique account provisioned by NSS.
- The user’s password will conform, at a minimum, to be 12 characters long and will require changing every one year.
- Inactive student accounts will be disabled after 24 months of inactivity.
- Employees accounts will be deactivated upon notification from HR, the immediate supervisor or 30 days after the employee has left University employment. Exceptions to this rule are made for emeritus faculty and staff and upon request by the departed employees immediate supervisor in writing, via email, to the Director of NSS.
- Access may be monitored when an account is in use, upon request from immediate supervisor or Dean for valid business justification.
- Repeated access attempts will be limited by locking out the user ID after not more than five attempts.
- Lockout will require reactivation by the Technology Support Center and/or NSS.
- If a session has been idle for more than 15 minutes, the user is required to re-enter their password to re-activate the workstation.
- Users may not share their login credentials with other users of the system.
Administration for user access
- Users will abide by the above user access guidelines.
- NSS will immediately revoke all a user’s access to network services and storage when a change in employment status, job function, or responsibilities is communicated to the NSS department by the Human Resources Department or the immediate supervisor in writing and/or email to the Director of NSS.
- Faculty and staff accounts are created and provisioned by departmental affiliation for access to collaborative areas for data and file sharing purposes. Cross departmental access may be requested by the immediate supervisors, of said departments, to the Director of NSS via email.
- Access to faculty and staff network data and email may be granted to the immediate supervisor upon communication to the Director of NSS via written document or email, with valid business justification.
- Generic student worker accounts may be created for student workers in administrative offices for assigned work purposes only. These accounts are provisioned upon the request of the supervisor of the area, in writing via email, to the Director of NSS. These accounts are to be managed by the department supervisor and periodic password changes should be made as student worker turnover warrants.
- Network data storage is routinely backed up for recovery purposes. In the event that a user requires data retrieved from these backups, NSS should be contacted for resolution.
Network Storage areas access
- General shared file storage areas are defined on the network for use by students, faculty and staff. These areas are defined by the individual affiliation with the institution. They are –
- Faculty Common area – Faculty access only
- Admin Common area – Administrators and staff access only
- FacAdmin Common area – Faculty, administrators and Staff access only
- Student Common area – Staff and Faculty full access – Students read only
- Personal file storage areas are defined for each user and are designated as the M: drive. This area is accessible by the individual user only and is intended for the storage of business and educational related files and data.
- Other storage areas are defined on the network for collaborative work performed by a variety of individuals. These areas are provisioned and user access control is managed by the NSS department. Requests for business related shared space should be sent to the Director of NSS via email specifying the business justification and the departments and/or individuals that should be provided access. Ongoing management of user access to these specific areas should be managed by contacting NSS with additions or deletions of user access.