ROWAN UNIVERSITY POLICY

Title: General User Password Policy

Subject: Information Security
Policy No: ISO:2013:10
Applies: University-wide
Issuing Authority: Information Security Office - Chief Information Security Officer
Responsible Officer: Vice President for Information Resources and Chief Information Officer

Date Adopted: 07-01-2013

Last Revision: 06-01-2014

Last Review: 09-01-2014

I.    PURPOSE

A growing number of information security threats result from unauthorized access to data stored on computers. Frequently, access to such data is controlled through the use of password authentication. The failure to protect data through the use of strong passwords can result in incidents that expose Sensitive Information and/or impact critical University services. Adherence to this policy is essential to ensure the security of information at the University, including Mission-Critical devices and devices storing or processing Sensitive Information.

II.    ACCOUNTABILITY


Under the direction of the President, the Chief Information Officer and the Chief Information Security Officer shall implement and ensure compliance with this policy. The Vice Presidents, Deans, and other members of management will implement this policy in their respective areas.

III.   APPLICABILITY


This policy applies to any faculty member, staff member, student, temporary employee, contractor, outside vendor, or visitor to campus ("User") who has access to University-owned or managed information or the Rowan network through computing devices owned or managed through Rowan or through permission granted by Rowan University.

IV.  DEFINITIONS

A.  "Information Security Incident": Includes any incident that is known or has the potential to negatively impact the confidentiality, integrity, or availability of Rowan University information. This can range from the loss of a laptop or PDA to the virus infection of an end-user workstation to a major intrusion by a hacker.

...

Sensitive data also includes any other information that is protected by University policy or federal or state law from unauthorized access. This information must be restricted to those with a legitimate business need for access. Examples of sensitive information may include, but are not limited to, social security numbers, system access passwords, some types of research data (such as research data that is personally identifiable or proprietary), public safety information, information concerning select agents, information security records, and information file encryption keys.

V.  POLICY

A.  All passwords are to be treated as confidential Sensitive Information. This policy must be followed where technically feasible to the greatest extent possible.

...

        • A password must contain at least one letter and at least one numerical digit.
        • A password must contain at least one of these characters: !@#$%&*+={}?<>"'
        • A password must not: start with a hyphen, end with a backslash (\), or contain a double-quote (") anywhere except as the last character.

VI.  NON-COMPLIANCE AND SANCTIONS

Violation of this policy may subject the violator to disciplinary actions, up to or including termination of employment or dismissal from a school, and may subject the violator to penalties stipulated in applicable state and federal statutes. 
 

...