Policy: Network Access and Authentication Policy
Created: 1/12/2014
Section of: Corporate Security Policies
Target Audience: Technical
CONFIDENTIAL
Page: 1 of 5
Richman Investments is hereinafter referred to as “the company.”
1.0 Overview
Consistent standards for network access and authentication are critical to the company’s information security and are often required by regulations or third-party agreements. Any user accessing the company’s computer systems has the ability to affect the security of all users of the network. An appropriate Network Access and Authentication Policy reduces the risk of a security incident by requiring consistent application of authentication and access standards across the network.
2.0 Purpose
The purpose of this policy is to describe what steps must be taken to ensure that users connecting to the corporate network are authenticated in an appropriate manner, in compliance with company standards, and are given the least amount of access required to perform their job function. This policy specifies what constitutes appropriate use of network accounts and authentication standards.
3.0 Scope
The scope of this policy includes all users who have access to company-owned or company-provided computers or require access to the corporate network and/or systems. This policy applies not only to employees, but also to guests, contractors, and anyone requiring access to the corporate network. Public access to the company’s externally reachable systems, such as its corporate website or public web applications, is specifically excluded from this policy.
Richman Investments Confidential
4.0 Policy
4.1 Account Setup
During initial account setup, certain checks must be performed in order to ensure the integrity of the process. The following policies apply to account setup:
• Positive ID and coordination with Human Resources are required.
• Users will be granted the least amount of network access required to perform their job function.
• A user will be granted access only if he or she accepts the Acceptable Use Policy.
• Access to the network will be granted in accordance with the Acceptable Use Policy.
4.2 Account Use
Network accounts must be implemented in a standard fashion and utilized consistently across the organization. The following policies apply to account use:
• Accounts must be created using a standard format (e.g., firstname lastname or firstinitial lastname).
• Accounts must be password protected (refer to the Password Policy for more detailed information).
• Accounts must be for individuals only. Account sharing and group accounts are not permitted.
• User accounts must not be given administrator or 'root' access unless this is necessary to perform the user's job function.
• Occasionally guests will have a legitimate business need for access to the corporate network. When a reasonable need is demonstrated, temporary guest access is allowed. This access, however, must be severely restricted to only those resources that the guest needs at that time, and disabled when the guest’s work is completed.
• Individuals requiring access to confidential data must have an individual, distinct account. This account may be subject to additional monitoring or auditing at the discretion of the IT Manager or executive team, or as required by applicable regulations or third-party agreements.
4.3 Account Termination
When managing network and user accounts, it is important to stay in communication with the Human Resources department so that when an employee no longer works at the company, that...