ITS Identification Policy
Policy Statement
Access to University information and/or information resources must be done using identifier and authenticators that are unique to each individual and/or group. User identifiers may only be granted to individuals formally associated with the University and access granted to such identifiers may only be granted if requested by an authorized individual. All access granted through the use of identifier and authenticators must be revoked immediately upon separation from the University and/or the revocation of individual’s need to access such information..
Entities Affected By This Policy
All individuals at the University
Contacts
EIU Information Security 217-581-1939
Principle
User Identification and Authentication
- All information resources allowing access to internal, protected and/or nonpublic information must have the ability to uniquely identify and authenticate users
- Any information resource allowing access to internal, protected and/or nonpublic information must utilize unique identifiers for each individual accessing the resource that meet, at minimum, the standards outlined below
- Any information resource utilizing unique identifiers to allow access to internal, protected and/or non-public information must also utilize unique authenticators that meet, at minimum, the standards outlined below
Device Identification and Authentication
- All information systems connecting to non-public sections of the University network must be uniquely identified and authenticated for such access
- Identification and authentication of information resources may be handled through:
- Media Access Control (MAC) address registration
- Network Access Control (NAC) technologies utilizing user authentication
Identifier Management
Eastern Illinois University ITS utilizes the Role-based access control (RBAC) model to assign permissions to end-users based on their role within the university. Roles and access to systems and data are based on the department and aligns with the principle of least privilege and need to know.
- All user identifiers must uniquely identify individual users
- User identifiers may only be granted after verifying the identity of the user through the Banner system following established University procedures for new hires, new students, third-party access, etc.
- Access to information systems granted to user identifiers may only be made after receiving authorization from an appropriate University official.
For example:
-
- General access may only be granted once an individual is entered into Banner as in an active state
- Access to Internet Native Banner data may only be granted if requested by the appropriate Data Custodian
- Access to select Self-Service Banner data may only be granted if requested by the appropriate Data Custodian
- Access to departmental information resources may only be granted if requested by an individual within the department with appropriate authority
- User identifiers established for individuals may only be given to the individual and the individuals direct supervisor (faculty and staff) or the individuals documented academic advisor (students)
- User identifier access must be disabled upon the individual’s separation from the
University, unless:
- Continued access has been granted in University policy
- Continued access has been requested by a Vice President of the University
- User identifier access to departmental or specific INB data must be removed
- If the individual changes departments
- If the individual changes job roles
- If the individual no longer requires access to the information resource
- Upon request from the individual’s supervisor or other appropriate University official
- User identifiers must be archived once disabled and retained for a period of 6 months
- All group identifiers must be linked to a single staff and/or faculty “sponsor”
- Group identifiers may only be given to the individual assigned as the group “sponsor”
- Group identifiers will remain active so only as the group account is required
- Group identifiers must be renewed annually by group sponsor
- Group identifiers must be archived once disabled and retained for a period of 6 months
IT Onboarding
IT onboarding is the process of setting up new employees in EIU systems. This includes creating new user accounts or emails, acquiring necessary equipment, setting up new workstations, adding new licenses for software, setting up new phone numbers and voicemails, and training employees on IT security.
- Please follow your HR onboarding process.
- EIU ITS will provide you with a NETID, email, and software and access to IT services to perform your work here at EIU. Please call our help desk at 217-581-1939 to get your EIU password.
- Your department will need to request the necessary levels of access to software and services.
- Your department will provide you (as needed) with workstations, software, phone number and devices.
- Read and understand the IT policies: https://www.eiu.edu/panthertech/policies.php
- Please take your EIU Cyber Security training, which can be found: https://www.eiu.edu/panthertech/cybertraining.php
Related Documents
Federal Educational Rights and Privacy Act
Supporting Policies, Procedures and Guidelines
University Network Identity Life-Cycle Policy
Banner Access Request Forms (Available from Banner Security Specialist)
Last Date Reviewed: 06/13/2024