Skip to main content Skip to main content

User Account (NetID) Management

Information and Information Technology


Contents


Policy Statement

The purpose of this policy is to identify acceptable use of user accounts and identities within University computer systems and software, and to establish rights and responsibilities of account holders. This policy applies to all users of MSU Denver computer systems, including students, faculty, staff, contractors, consultants, and others granted access to University systems. Accounts covered through this policy include the MSU Denver NetID, as well as other accounts for systems purchased or maintained by and on behalf of the University.

Account Creation

MSU Denver NetIDs are to be managed within Banner, and must be created in accordance with IT Services account creation procedures. All NetID account creation requests must be submitted through ITS Helpdesk tickets.

Account Management

Changes to MSU Denver NetIDs will be documented with help tickets to ensure that all changes are documented. These changes can include but are not limited to: 

  • Adding or removing VPN access
  • Adding PC administrative permissions
  • Modifying access to network file share
  • Modifying user privileges
  • Modification of NetID for name changes

Vendor and Contractor User Accounts

User accounts for vendors or contractors will be created upon request via help ticket. These user accounts must be provisioned with access limited to the minimum amount of systems permissions required. Vendor and contractor user account status must be reviewed each semester to ensure that accounts no longer in use are deactivated in a timely manner.

Account Timeout and Locking Sessions

MSU NetID accounts within the MSU Denver Active Directory domain (WinAD) will be created with pre-defined timeouts with screensavers. If an account session remains idle for longer than the pre-defined limit, the system will activate a screensaver, and the user will be required to re- enter their network credentials to return to their session. Depending on job duties and departmental policy, users may have the ability to extend or shorten the timeout for each workstation they use. If a user steps away from their workstation, they must lock the workstation to prevent access to their session(s) by another person.

Privileged User Accounts

User accounts with elevated administrative privileges will be granted when required for performance of assigned job duties. Completion of basic security awareness training and submission of a request will be required before providing administrative privileges.

Account Deactivation

User accounts will be deactivated when access to systems is no longer authorized. It is the responsibility of supervisors to notify Human Resources when a staff or faculty member will be separating from the University. Human Resources will then notify IT via help ticket to ensure that account deactivation occurs in a timely manner.

Student accounts will be active while the student is actively enrolled and will remain active until the student has not been enrolled for three consecutive semesters.

Modifications to User Roles

It is the responsibility of supervisors to notify IT Services when a staff or faculty member will be changing roles in relation to access to systems or data. This notification must be made through help ticket and should outline what access will be added, removed, or modified. Examples could include a student employee who leaves a department. While their accounts will remain active, access to a departmental folder or specialized application may need to be revoked.


Background and Purpose

Background: MSU Denver's information security policies were created by the IT Strategic Oversight Committee (ITSOC) Information and Instructional Technology Policies Subcommittee and reviewed by the University’s Policy Advisory Committee. Review of these policies will be made on an annual basis, with any changes or additions being submitted through the University’s policy review and approval process.

Purpose: MSU Denver’s information security policies are focused on protecting critical data and information systems of Metropolitan State University of Denver from loss, damage, or inappropriate modification or disclosure. The policies contained in this document are designed to ensure that the University adheres to security standards commensurate with the data and systems referenced, while maintaining appropriate functional access for students, faculty, and staff.

Scope: These policies apply to all individuals, including students, faculty, and staff, provided access to University data and information technology systems. Contractors and otherwise affiliated individuals must agree to abide by the information security policies before accessing university systems and data. Role-based policies and procedures that apply to specific groups of users will be provided when applicable, in accordance with functional requirements and data classification.


Roles and Responsibilities

Approval Authority: President

Responsible Executive: Chief Information Officer

Responsible Administrator: Chief Information Security Officer

Responsible Office: Information Technology Services

Policy Contact: IT Services, msudenver.edu/technology, 303-352-7548


Enforcement and Reporting

Adherence to Information Security Policies is mandatory and may be based on State or Federal statute, contract language, or information security standards. These policies are not intended to unreasonably interfere with system utilization. Individuals should contact the IT Services Help Desk to report security risks, violations of policy, or to make requests for exceptions or amendments to the policies. The Chief Information Security Officer (CISO) and other IT Services staff will respond to all reported security issues and will work with the policy subcommittee to allow for development of appropriate updates to policies. Violations of these policies may result in fitting administrative action up to and including revocation of system privileges, employee termination, or student expulsion.

Information about the Information and Instructional Technology Policy subcommittee is available on the IT Governance website.


Policy History

Effective: July 1, 2017


Related Information


Edit this page