Purpose
University of Maryland Global Campus ("UMGC" or "University") provides certain individuals network accounts to allow secure access to UMGC Information Technology (IT) Resources. The purpose of this Policy is to establish a consistent set of rules and requirements for the creation, administration, and disabling of access to University Accounts (as defined below) issued to individuals who have applied for admission to UMGC, are or have been enrolled in credit or non-credit courses through UMGC, and individuals who have completed a degree or certificate program at UMGC (the "UMGC Learner Community") in order to ensure optimal use of resources while maintaining network security.
Scope
This Policy applies to all individuals, including Contractors, who are responsible for the creation, management and/or administration, and disabling of University Accounts for the UMGC Learner Community. A separate policy, UMGC Policy X-1.19B – Account Management (UMGC Workforce), applies to the administration of Accounts for members of the UMGC Workforce.
Definitions
The capitalized terms found in this Policy shall have the meanings below:
Account: An established relationship between a User and a computer, network, or Information System. Accounts are assigned credentials such as a username and password. For the purposes of this Policy, Accounts include but are not limited to those that are issued for the purposes of application for admission to UMGC, registration for, and participation in, academic or training activities, UMGC email accounts and general access to other IT Resources.
Contractor: A person or a company that undertakes a contract to provide materials or labor to perform a service for UMGC.
Information Resource: Anything that is intended to generate, store, or transmit information.
Information System: Inter-related components of Information Resources working together for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Information System Steward: A UMGC staff member or other individual providing services to the University who is responsible for the development, procurement, compliance, and/or final disposition of an Information System.
Information Technology Resources or IT Resources: Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by UMGC directly or by a third party under a contract with UMGC which requires the use of such equipment. The term includes computers, mobile devices, software, firmware, services (including support services), and UMGC’s network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.
Least Privilege: The security objective of granting an individual access to only such Information Resources and records, and the information contained therein, as necessary for an individual to perform the individual's job.
User: A member of the University community, including but not limited to Staff and Faculty, and other individuals performing services on behalf of the University, including Contractors, volunteers and other individuals who may have a need to access, use or control University Data.
Policy Statements
The creation of and access to Accounts will be based on internal administrative guidelines maintained by UMGC and applicable Contractors.
Information System Stewards shall review Accounts on a periodic basis to determine that the level of User access to these Accounts is appropriate and consistent with the concept of Least Privilege.
UMGC and applicable Contractors shall ensure that access to IT Resources is disabled when access is no longer required.
Enforcement
Anyone with knowledge of an alleged violation of this Policy should notify Information Security as soon as practicable.
Any employee, Contractor, or other third party who violates this Policy may be subject to disciplinary action, up to and including termination of employment or contract.
Standards References
USM IT Security Standards, v.5, dated July 2022
NIST SP 800-171r2 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”, dated February 2020
Cybersecurity Maturity Model Certification (CMMC), v.2.0, dated December 2021