1.11 Authentication Standard
1.11.1. Overview
See purpose.
1.11.2. Purpose
The purpose is to set a standard for authentication to all Highline ITS systems including but not limited to servers, network devices, workstations, laptops, and mobile devices.
1.11.3. Scope
These rules apply to systems directly under Highline’s control. While we make every effort to utilize Highline credentials to grant access to third-party tools, external systems may occasionally operate under varying rules.
1.11.4. Standard
1.11.4.1 Basic Authentication
Access to all Highline ITS Systems at the very least will require a username/password combination conforming to 1.11 Account Standard and 1.5 Password Standard.
1.11.4.2 Multi-Factor Authentication
When possible, access to servers and network devices will use some form of multi-factor authentication such as Duo Security or Google Authenticator.
1.11.5. Compliance
1.11.5.1 Compliance Measurement
ITS will verify compliance to this standard through various methods, including but not limited to, periodic walkthroughs, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.
1.11.5.2 Exceptions
Any exception to the standard must be approved by ITS in advance.
1.11.5.3 Non-Compliance
An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.
1.11.6. Related Standards, Policies, and Processes
1.11.7. Revision History
| Date | By | Summary |