Ҹ

Skip Navigation

UMGC Policy X-1.19A Account Management (UMGC Learner Community)

Policy CategoryPolicy OwnerVersion Effective DateReview CyclePolicy Contact
X. Information Governance, Security & TechnologyChief Transformation OfficerAug. 29, 2023Every 2 yearsUMGC Information Security
  1. Purpose
    University of Maryland Global Campus ("UMGC" or "University") provides certain individuals network accounts to allow secure access to UMGC Information Technology (IT) Resources. The purpose of this Policy is to establish a consistent set of rules and requirements for the creation, administration, and disabling of access to University Accounts (as defined below) issued to individuals who have applied for admission to UMGC, are or have been enrolled in credit or non-credit courses through UMGC, and individuals who have completed a degree or certificate program at UMGC (the "UMGC Learner Community") in order to ensure optimal use of resources while maintaining network security.
  2. Scope
    This Policy applies to all individuals including Contractors who are responsible for the creation, management and/or administration, and disabling of University Accounts for the UMGC Learner Community. A separate policy, UMGC Policy X-1.19B – Account Management (UMGC Workforce), applies to the administration of Accounts for those individuals.
  3. Definitions
    Defined terms are capitalized throughout this Policy and can be found in the Information Governance Glossary.
  4. Policy Statements
    1. The creation of and access to Accounts will be based on internal administrative guidelines maintained by Ҹ and applicable Contractors.
    2. Information System Stewards shall review Accounts on a periodic basis to determine that the level of User access to these Accounts is appropriate and consistent with the concept of Least Privilege.
    3. Ҹ and applicable Contractors, shall ensure that access to IT Resources is disabled when access is no longer required.
  5. Enforcement
    1. Anyone with knowledge of an alleged violation of this Policy should notify Information Security as soon as practicable.
    2. Any employee, Contractor, or other third-party who violates this Policy may be subject to disciplinary action, up to and including termination of employment or contract.
  6. Standards References
    1. USM IT Security Standards, v.5, dated July 2022
    2. NIST SP 800-171r2 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”, dated February 2020
    3. Cybersecurity Maturity Model Certification (CMMC), v.2.0, dated December 2021
  7. Related Policies and Procedures
    1. UMGC Policy X-1.19B Account Management (UMGC Workforce)