The Official Web site for the Office of Information Technology - UTSA

This document should be rendered in an HTML format with cascading style sheets and JavaScript turned on.

Skip to Main Content

Skip to Navigation

Skip to office quick links

If you are using a screen reader to view this page, please take a few minutes to read our Accessibility Page which will make your visit through this Web site easier.

Site Map

Copyright (c) 2008. The University of Texas at San Antonio. All rights reserved.

Staff | Faculty | Students | Researchers | Quick Links

OIT Home > Security > Information Resource Standards > Account Management Standard

Account Management Standard

Purpose - The UTSA Account Management Standard establishes rules for creating, monitoring, controlling and removing user accounts.

Audience - The UTSA Account Management Standard applies equally to all students and employees who have authorization to access any UTSA information resources. The accounts of vendors and consultants are covered in the Vendor Access Standard.

  1. A request and approval process appropriate for the system or service must be in place for all accounts.

  2. All users must sign the UTSA Information Resources Security Acknowledgement and Nondisclosure Agreement before access is granted. Where feasible, an electronic version of the Agreement document will be available.

  3. All accounts must be uniquely identifiable by means of the assigned user name.

  4. All account passwords must adhere to the UTSA Password Standard.

  5. All passwords are temporary, and must be changed periodically in accordance with the UTSA Password Standard.

  6. All new user accounts that have not been accessed within 30 days of creation will be cancelled.

  7. Accounts will be locked after three unsuccessful login attempts.

  8. System Administrators or other designated staff:

    1. are responsible for removing the accounts of individuals who transfer to other departments at UTSA or no longer work at UTSA

    2. must have a documented process for account modifications such as name changes, accounting changes and changes to user access privileges

    3. must have a documented process for reviewing, at least on an annual basis, the status of existing accounts

    4. are subject to an independent audit review of procedures

    5. must provide a list of accounts for the systems they administer when requested by authorized UTSA management

    6. must cooperate with authorized UTSA management during the investigation of security incidents.

  9. Owners:

    1. are responsible for developing plans for departmental accounts

    2. are responsible for notifying appropriate personnel immediately when an employee leaves their department.

  10. Vendor and special access accounts must be reassessed at least every quarter.

Account Management

File Sharing

Network Configuration

Server Hardening

Administrative/Special Access

Incident Management

Password

Software Licensing

Backup and Data Recovery

Information Services Privacy

Physical Access

Vendor Access

Change Management

Internet Use

Portable Computing

Virus Protection

Data Classification

Intrusion Detection

Security Monitoring

Wireless Communication

E-Mail Management

Network Access

Security Training