Tighter Security Practices – Recent Changes to USNH System Access Control Policy

From Laura Seraichick, IT: In an effort to increase USNH security practices, the USNH System Office has recently approved modifications to our current USNH 5.7 System Access Control policy. System Access Control is part of the USNH Property Policies, Section F under IT Security (Section F5).

Highlights of the policy include utilization of employee-specific passwords for access, password change schedules, and treatment of passwords, along with Social Security Number restrictions whenever the SSN is utilized and/or displayed. The policy-effective date is May 2, 2009, and the updated policy will soon be published online.

As with other USNH policies, compliance is required and accomplished locally at each institution. As CIO, I am responsible for establishing standards to ensure that it is implemented in a manner compatible with technologies at our institution. Our approach to IT Security is a combination of technical and business-process controls, and to that end, I will need your help. The IT Group is currently conducting a gap analysis and will be communicating with others on the campus in order to complete their work. Recommendations will be considered by CITC and then forwarded to the President for final approval. At that time, I anticipate that we will be communicating to the campus changes in tools and/or processes that will ensure compliancy with the new policy before May 1. Thanks in advance for your cooperation.