Security, Policies & Guidelines
Administrative systems account safeguard and usage policy
Rationale
Password maintenance for enterprise system accounts is critical for data security. Since the password is the final token used to access sensitive data, it should be guarded from inappropriate use.
Personal Accounts on enterprise applications
All developers have been given accounts on production and non-production instances of some of the enterprise applications like Banner and Luminis. These personal accounts shall be used to monitor activity on these instances and be used for auditing purposes. The following should be used as guidelines to prevent accidental compromise of your account.
- Change your password at least every 120 days, as required by the password expiration policy implemented on our systems.
- Refrain from resetting your password back to its original value.
- If you suspect that your password has been compromised, change it immediately.
- Personal accounts will be subject to immediate disabling if a breach is suspected or misuse of the account is discovered.
Shared Accounts on enterprise applications
Some enterprise applications do not have provision for role-based account privileges. For instance, the BANSECR account privileges for maintenance of Banner security cannot be assigned to personal accounts. As a result, for the purposes of redundancy and quick turnaround, these accounts need to be shared among a few key users. The following policies apply to you if you are entrusted with such an account.
- All holders of the shared account shall be responsible for the security of the shared account.
- Any suspicion of compromise shall require that the password be changed immediately.
- All holders of the shared account shall be investigated in case of an audit finding on the account.
