|
|
SLAC Computer Security | ||
| SLAC Home | Computing Home | Computing Outages | Help | |||
Any user
possessing an account with elevated administrative privileges (admin) shall
abide by SLAC and Stanford University policies and exhibit the highest level of
ethics.
Persons with access to confidential and private information are required by Federal and State privacy laws to keep it confidential.
Failure to abide by these policies is very serious and could impact your position at SLAC.
Please review the following Administrative Guide Memos: #1, University Code of Conduct, section 3, found at http://adminguide.stanford.edu/1.pdf ; #15.2, Staff Policy on Conflict of Commitment and Interest, Section 2.b, found at http://adminguide.stanford.edu/15_2.pdf; and #63, Information Security found at http://adminguide.stanford.edu/63.pdf."
User must make a request for an admin account in writing (via email) with a business justification to their manager.
Managers must ensure that the requestor has sufficient need and the skills and knowledge to use the admin account appropriately and will request the admin account on behalf of the requestor.
Requests for windows admin account on computers (laptop and/or desktop/workstation) assigned to requestor for SLAC use must be submitted to OCIO IT Departmental Support Manager and your Departmental Support team member (ithelp@slac.stanford.edu).
Use Superuser/NFS Privileges form to request "sudo" privileges or a private "root" password on a Linux/Unix desktop system administered by OCIO.
System administrative accounts for windows servers must be submitted to windows-admin (windows-admin@slac.stanford.edu).
Network device admin accounts must be submitted to and approved by OCIO Network and Telecon Manager (net-admin@slac.stanford.edu) or designee.
Windows domain administrator or UNIX "root" accounts must be submitted to the Computer Security Officer (security@slac.stanford.edu) or designee for approval with concurrence of IT Infrastucture and Operations Manager or designee.
The Enterprise Applications team members submit requests through Privilege Request Tracker.
Admins must:
Not use their admin account for everyday tasks, i.e. read email or surf the Internet. Only log in with an administrator account when need to perform system adminstration tasks.
Have sufficient knowledge to perform required tasks.
Ensure systems, they have admin rights to, are well maintained, i.e. OS patched, applications up-to-date, etc.
Stay up with the latest threats and risks.
Keep skills up-to-date.
If these requirements are not met, it may result in loss of the admin account.
Managers must review, at least annually, whether a user with admin rights needs them. This must be done in a auditable fashion, asking the question via email or RT.
Owner: SLAC Computer Security |