The Official Web site for the Office of Information Technology - UTSA

This document should be rendered in an HTML format with cascading style sheets and JavaScript turned on.

Office of Information Technology Home Page

Skip to Main Content

Skip to Navigation

Please take a few minutes to read our Accessibility Page which will make your visit through this Web site easier.

Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.

OIT Home > About OIT > Information Resource Standards > Account Management Standard

Account Management Standard

As a companion to access control and sound security practices, proper management of computer accounts is a critical requirement for the protection of UTSA’s information resources. Accounts are granted to those with an official role or appointment to the University or, in some cases, to guests or those performing services for the University, and will be withdrawn after the role or service has been completed.  Except for public information resources, all accounts that access university information must be managed according to the access management principles referenced in this standard.

The Office of Information Technology will manage network accounts and access to OIT-managed information resources. For all other applications and systems, account privileges will be granted by Data Owners or their delegates.

The level of authorized access must be based on the principle of Least Privilege.

All accounts will be uniquely identifiable and will be assigned to an individual. Account names may not be re-assigned or changed under any circumstances.

Accounts will be changed to reflect the modification of privileges if an employee or a student changes roles within the University. Commensurate with risk and reasonable practice, accounts must be reviewed regularly (preferably annually) to ensure currency of the privileges.

Password aging and expiration dates must be enabled for all special accounts granted to outside vendors, contractors and those with contractually limited access.

See also: Standards for Passwords, Administrative/Special Access, Authentication, Email Management, Vendor Access, Responsibilities.
Effective Date:

August 31, 2011

Compliance Date:

October 1, 2011

Last Revision:

July 12, 2011

 

Account Management

Disposal of Computers
Other Electronic Devices

Laptop Encryption

Policy Exception and Risk Assumption Procedures

Administrative/Special Access

E-Mail Management

Log-in Disclaimer

Security Monitoring

Application Registration

Incident Management

Network Access

Security Training

Enterprise Backup &
Data Recovery

Information Resource Use and Security (pending)

Network Configuration

Server Hardening

Change Management

Information Security Risk Assessment

Password

Software Licensing

Computer Naming Convention

Information Security Administrator (ISA)

Patch Management Standard

Threat Detection and Prevention

Configuration and Asset Management

Information Security Training Standard

Personal Computing

Unauthorized File Sharing

Copiers and Printers

Information Services Privacy

Physical Access

Vendor Access

Data Center

Internet Use

Portable Computing

Web Application Vulnerability Scanning

Data Classification

Intrusion Detection

Protection Against Malicious Software

Wireless Network

 

 

 

Workstation Operating Systems Support

Tools