X-99.05(A)

UMB IT Computer Workstation Security Policy

Information Technology   |   Approved May 7, 2010

---

Responsible VP/AVP

Peter J. Murray, PhD, CAS, MS

---

Applies to Faculty, Staff, Students

---

Revision History

Approved May 7, 2010.

---

Policy Statement

This Policy identifies UMB's procedures for ensuring that computers connected to UMB's network are managed in a secure manner.

UMB has a distributed computing environment with local responsibilities for the maintenance of computer security. This security policy applies to networked computers owned or managed by UMB that contain information or allow access to information that is confidential under law or policy, including without limitation: student education records; student financial aid records; employment records; appointment and promotion records; financial information; patient information; client and patient communications; research information including protocols for ongoing work and pending applications for funding; and, proprietary intellectual property including invention disclosures and pending patent applications.

---

Policy

To maximize the security of computers connected to the UMB network:

All computers are required to have a user password at start up.

All authorized users of UMB network resources are required to "Lock Down" (or log out of) the computer each time the computer is left unattended. If you are unsure how to Lock Down (or log out) of your computer, contact your computer administrator.

Individual user sessions must also initiate a password protected screensaver after a period of no more than thirty (30) minutes of inactivity. A shorter period of inactivity may be implemented at the direction of a department head. For organizationally managed Windows-based machines, this can be accomplished by using Microsoft's "Group Policy" function. These group policies are implemented by each school, department, or unit computer administrator.

All authorized users of UMB network resources are required to follow the strong password characteristics and management practices specified in the campus "Password Management Policy".

Each user of a computer connected to the UMB network must either (a) have a unique and separate network account, or (b) be an authorized guest user. This requirement does not apply to computers configured for public access to the internet and UMB public content.

Computers must contain up-to-date antivirus software to ensure that files saved to them are not infected.

---

Exceptions

Individual exceptions from the "lock down" and "automatic password protection" requirements above will be granted upon approval from the head of a user's academic or administrative unit. Individuals may request an exemption by notifying their computer administrator that they do not use or access confidential information in the course of their work with a networked computer. Networked computers in clinical settings may be exempted from this policy if an alternative security procedure is used by the clinical unit. Exception requests that are supported and approved by the unit head (dean or vice president), or their designee, will be implemented.