Versions Compared

Old Version 2

changes.mady.by.user James Pollard

Saved on

compared with

New Version 3

changes.mady.by.user James Pollard

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  • Every computer must be encrypted including personal tablets and phones if used with UT data
    • exceptions may be granted by ISO on a case by case basis
    Do not log in with an administrator account unless you are taking an action only an administrator can do
    • AllTightly control administrative accounts
      http://security.utexas.edu/policies/irusp.html#section_5_4_7

      5.4.7. This section to be made effective on September 01, 2015 so as to allow the campus time to plan and transition. When access to a university-owned IT device's administrative account is required by someone other than an IT Support Staff member, the following exception criteria must apply:

      5.4.7.1. Individuals must annually complete the Position of Special Trust form;

       

      5.4.7.2. Individuals must only use the administrative account for special administrative functions and default to a lower privileged user account for other day-to-day use;

       

      5.4.7.3. Individuals must review the following training materials, How not to Login as Administrator (and still get your job done);

       

      5.4.7.4. IT System Custodians are required to periodically review the use of administrative account exceptions.

       

      5.4.7.4.1. IT System Custodians will remove any administrative accounts that go unused or are no longer required; and

       

      5.4.7.4.2. IT System Custodians are required to raise inappropriate use to management (e.g., staying logged in with the administrative account longer than needed).