Enter a search term. Search SFA

Stephen F. Austin State University

SFA Home / Policies

Computer System Access (F-37)

Original Implementation: January 19, 1999
Last Revision: July 20, 2010

Stephen F. Austin State University (SFA) Administrative Account Security

Administrative accounts are provided for access to the university’s Enterprise Resource Planning (ERP) system. The accounts have the following security characteristics that have been arrived at by the functional need of the type of user.

General Guidelines

All accounts should adhere to the following general guidelines:

• Minimum password length of six characters.
• No trite or easy to guess passwords.
• Passwords cannot be re-used.
• As a rule, "generic" or group accounts are not permitted.

Staff Accounts

Staff accounts are provided for SFA faculty and staff for access to the university’s ERP system. These accounts are generally organized as follows:

Password Lifetime: The password lifetime is set to 90 days for staff accounts.

Access to the Data Command Language prompt: This is generally not allowed.

Programmer Accounts

Programmer accounts are provided to Information Technology Services (ITS) programming staff for the purpose of maintaining ITS systems, providing support to staff users, and augmenting current systems. These accounts are generally organized with the following characteristics:

Password Lifetime: The password lifetime is set to 60 days.

Access to the Data Command Language prompt: Allowed.

Operator Accounts

Operator accounts are provided for ITS operations staff to allow them to:

1. Monitor ITS systems and take corrective action autonomously, if necessary.
2. Service requests for print, tape or other associated resources.
3. Oversee operation of the batch scheduler.

Password Lifetime: The password lifetime is set to 30 days.

Access to the DCL prompt: Allowed.

Database Administrator Accounts

Database administrator accounts are provided for ITS database administration staff to allow them to:

1. Maintain ITS Database systems.
2. Upgrade ERP software (patches and new release software).
3. Provide programming necessary to maintain and augment the administrative environment.
4. Provide general support to programming staff.

Password Lifetime: The password lifetime is set to 30 days.

Access to the DCL prompt: Allowed.

System Manager Accounts

System manager accounts are provided for ITS systems management staff to allow them to:

1. Maintain system software.
2. Upgrade system software (patches and new release software).
3. Provide programming necessary to maintain and augment the system environment.
4. Perform security monitoring and monitor system viability/performance management.
5. Administer user accounts, ERP online system security, and email.

Password Lifetime: The password lifetime is set to 30 days.

Access to the DCL prompt: Allowed.

Investigation of Access Violations

Reported or suspected access violations will be investigated aggressively and completely by the systems management staff of ITS. Upon notification of any such event, the director of Information Technology Services will be notified and the assistant director of systems shall initiate a complete investigation utilizing any system and/or ITS resources necessary. The director of Information Technology Services will notify the provost and vice president for academic affairs and, in the event a business system is involved, the internal auditor.

ITS will take some or all of the following steps to investigate, with the exact order of steps determined by the specific situation:

1. Close any avenue used to commit the violation and return the system at once to a secure state.
2. Immediately take steps to preserve and protect any evidential data sources.
3. Perform any real-time monitoring of suspected violations in progress.
4. Engage ITS and system owner staff as needed to assess and report on the health of any affected application systems.
5. Assess any other systems, application or system-related, that for any reason may be suspected of being involved in the access violation.
6. Alert the University Police Department. Others who may need to be notified include the system owner and any other department that has a justifiable need for involvement.
7. Continue to monitor the system to ascertain if any related violations are attempted. The exact length of any high state of alert is to be commensurate with the situation encountered.

The ITS systems management staff reserves complete authority to inspect in real-time or by other means any suspected activity that appears to represent an abuse of any ITS-managed system. This includes, but is not limited to, inspection of email, real time monitoring of users, logging of activity and inspection of files of any type.

A complete report and analysis of the access violation will be produced after the investigation is complete. Any criminal investigation will fall under the auspices of the appropriate investigating body. The report will be filed by ITS, and full and complete measures will be taken to repair any security breaches uncovered by the investigation.

Assignment of New Passwords

Students, faculty and staff may request a password change in the event their password has been forgotten or some other problem dictates resetting their password.

The process of obtaining password change is outlined below:

Faculty and Staff Email Accounts

Self-Service

Faculty and staff can activate and reset their passwords by choosing the appropriate link under Faculty/Staff E-Mail section on the mySFA home page.

Assisted by ITS Help Desk Staff

If Faculty and staff encounter difficulties using the self-service process to activate or reset their password, they can contact the ITS Help Desk for assistance with the self-service process.

Student Email Accounts

Self-Service

Students can activate and reset their password by choosing the appropriate link under Student E-Mail section on the mySFA home page.

 Assisted by Technical Support Center (TSC) Staff

If students encounter difficulties using the self-service process to activate or reset their password, they can contact the TSC for assistance with the self-service process.  If the student cannot remember their Personal Identification Number (PIN), they must contact the Registrar’s Office to have it reset.

 

Cross Reference: None

Responsible for Implementation: Provost and Vice President of Academic Affairs

Contact for Revision: Director of Information Technology Services

Forms: Account Authorization Form