Highline College

Connect with Highline College

Winter quarter starts January 6. View the class schedule and enroll today for the best selection of classes.

1.6 Account Standard

Home/IT Security/IT Security Policy/1.6 Account Standard
1.6 Account Standard 2024-03-25T12:16:36+00:00

1.6 Account Standard

 

1.6.1. Overview

See purpose.

 

1.6.2. Purpose

The purpose is to set a standard for the creation and use of authentication accounts. Authentication accounts include individual user accounts, administrative/system accounts, and service accounts. These accounts can be both local and domain.

 

1.6.3. Scope

These rules apply to Highline user accounts for systems directly under Highline’s control. While we make every effort to utilize Highline credentials to grant access to third-party tools, external systems may occasionally operate under varying rules.

 

1.6.4. Standard

1.6.4.1 Individual User Accounts

Individual user accounts are usernames assigned to an individual user. Individual user accounts shall have the minimum privileges/permissions required for the individual user. Individual user accounts shall not be shared.

1.6.4.2 Administrative/System Accounts

Administrative/system accounts are local system privileged accounts such as administrator and root. When possible, system accounts should be disabled and/or restricted to local access only (no network or remote access)

1.6.4.3 Service Accounts

Service accounts are local system or domain accounts attached to a service. Service accounts shall have the minimum privileges/permissions required for their specific function. System account password must be documented in a secure encrypted location such as 1Password.

1.6.4.4 Passwords

All account passwords must comply with 1.5 Password Standard.

 

1.6.5. Compliance

1.6.5.1 Compliance Measurement

ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

1.6.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

1.6.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.

 

1.6.6. Related Standards, Policies, and Processes

1.5 Password Standard

 

1.6.7. Revision History

Date By Summary