UMGC Policy X-1.19A

Account Management (UMGC Learner Community)

Policy Category Policy No. & Title Policy Owner Effective Date Revision Number Revision Eff. Date Review Cycle

X
Information Governance, Security & Technology

X-1.19A
Account Management (Learner Community)

VP of Information Security

July 15, 2021

N/A

N/A

Every 3 years

  1. Purpose

    University of Maryland Global Campus ("UMGC" or "University") provides certain individuals network accounts to allow secure access to UMGC Information Technology (IT) Resources. The purpose of this Policy is to establish a consistent set of rules and requirements for the creation, administration, and disabling of access to University Accounts (as defined below) issued to individuals who have applied for admission to UMGC, are or have been enrolled in credit or non-credit courses through UMGC, and individuals who have completed a degree or certificate program at UMGC (the "UMGC Learner Community") in order to ensure optimal use of resources while maintaining network security.

  2. Scope

    This Policy applies to all individuals including Contractors who are responsible for the creation, management and/or administration, and disabling of University Accounts for the UMGC Learner Community. A separate policy, UMGC Policy X-1.19B – Account Management (UMGC Workforce), applies to the administration of Accounts for those individuals.

  3. Definitions

    The capitalized terms found in this Policy shall have the meanings below:

    1. Account: An established relationship between a User and a computer, network, or Information System. Accounts are assigned credentials such as a username and password. For the purposes of this Policy, Accounts include but are not limited to those that are issued for the purposes of application for admission to UMGC, registration for, and participation in, academic or training activities, UMGC email accounts and general access to other IT Resources.

    2. Contractor: A person or a company that undertakes a contract to provide materials or labor to perform a service for UMGC.

    3. Information Resource: Anything that is intended to generate, store, or transmit information.

    4. Information System: Inter-related components of Information Resources working together for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

    5. Information System Steward: A UMGC staff member or other individual providing services to the University who is responsible for the development, procurement, compliance, and/or final disposition of an Information System.

    6. Information Technology Resources or IT Resources: Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by UMGC directly or by a third party on behalf of UMGC which requires the use of such equipment. IT Resources can include computers, mobile devices, software, firmware, services (including support services), and UMGC's network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.

    7. Least Privilege: The security objective of granting an individual access to only such Information Resources and records, and the information contained therein, as necessary for an individual to perform the individual's job.

    8. User: A member of the UMGC Learner Community who may be granted access to IT Resources.

  4. Policy

    1. The creation of and access to Accounts will be based on internal administrative guidelines maintained by UMGC and applicable Contractors.

    2. Information System Stewards shall review Accounts on a periodic basis to determine that the level of User access to these Accounts is appropriate and consistent with the concept of Least Privilege.

    3. UMGC and applicable Contractors, shall ensure that access to IT Resources is disabled when access is no longer required.

  5. Enforcement

    1. Anyone with knowledge of an alleged violation of this Policy should notify the V.P., Information Security as soon as practicable.

    2. Any employee, Contractor, or other third-party who violates this Policy may be subject to disciplinary action, up to and including termination of employment or contract.

  6. Related Policies and Procedures

    1. UMGC Policy X-1.19B Account Management (UMGC Workforce)

    2. UMGC Internal Administrative Procedures – Account Management (UMGC Learner Community)