Missouri State University

Identity and Access Management

Definitions

Identity: Information system access credentials (e.g., computer login).

Policy Statement

Identity maintenance for all members of the Missouri State University community must be performed online or in person and must not be made by telephone, e-mail, or text messaging.  An automated process will be used to disable or remove a student’s system access credentials after graduation or a period of nonattendance.  Access credentials will be disabled for repeated misuse. See the Human Resources Management Policy for guidance when an employee’s or contractor’s relationship with the University ends.

Only unique access credentials will be used.  Generic or shared access credentials may not be used.  Users must agree to keep their passwords and PIN’s private and to abide by all University information technology policies.  Passwords must be changed periodically and have sufficient complexity, as specified by Computer Services policy.

Only those privileges and/or roles needed to perform job functions will be granted.  When roles change, access must be reevaluated.

The University reserves the right to use a network access control system to ensure the identity and suitability of those connecting to the network.

Reason or Purpose for Policy

A unique identity and corresponding level of access must be properly established to protect the confidentiality, integrity, and accessibility of University information.  Individuals are accountable for actions taken using their system access credentials.

Entities Affected by this Policy

All entities contained in or under the direction of the Missouri State University system.

Line of Authority

  1. Responsible Administrator and Office:  Chief Information Officer (CIO) 
  2. Contact Person in that Office:  Information Security Officer (ISO)