User Account Policy
A User Account Policy is a document that outlines the requirements for requesting and maintaining an account on computer systems or networks, typically within an organization. It is very important for large sites where users typically have accounts on many systems. Some sites have users read and sign an Account Policy as part of the account request process.
Policy Content
- Should state who has the authority to approve account requests.
- Should state who is allowed to use the resources (e.g., employees or students only).
- Should state any citizenship/resident requirements.
- Should state if users are allowed to share accounts or if users are allowed to have multiple accounts on a single host.
- Should state the users’ rights and responsibilities.
- Should state when the account should be disabled and archived.
- Should state how long the account can remain inactive before it is disabled.
- Should state password construction and aging rules.
Example
Some example wording: “Employees shall only request/receive accounts on systems they have a true business need to access. Employees may only have one official account per system and the account ID and login name must follow the established standards. Employees must read and sign the acceptable use policy prior to requesting an account.”
See also
- Network security policy
- Computer security policy
- Internet security
- Computer security
- Network security
- Industrial espionage
- Information security