New Microsoft Word Document

The Account Management Policy for the Military College of Signals establishes guidelines for creating, managing, and terminating user accounts to ensure security and compliance with NIST SP 800-53 standards. It applies to all users of MCS systems and includes processes for account creation, authentication, access control, monitoring, and deactivation. Violations of the policy may result in disciplinary actions, including account suspension and legal consequences.

Uploaded by

Ali Jatt

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

10 views

New Microsoft Word Document

Uploaded by

Ali Jatt

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 6

( QUESTION NO 3 )

Account Management Policy for the Military College of Signals (MCS),

NUST. It includes detailed processes, examples, and additional sections to
provide a comprehensive framework
Introduction:
This policy establishes guidelines and procedures for creating,
managing, monitoring, and terminating user accounts within the Military
College of Signals' information systems. The goal is to ensure proper
authorization, accountability, and security for all account-related activities while
aligning with NIST SP 800-53 standards.
By enforcing strong account management practices, this policy seeks to:
i) Protect institutional data from unauthorized access or misuse.
ii) Enable operational efficiency by clearly defining roles and
responsibilities.
iii) Support compliance with national regulations and international
standards for cybersecurity.
2. Scope
This policy applies to:
1. All employees (faculty and staff), students, contractors, and external partners
who use MCS systems.
2. All accounts that provide access to MCS information resources, including:
- Email accounts.
- Administrative system accounts.
- Learning management system (LMS) accounts.
- Remote access or virtual private network (VPN) accounts.
- Specialized systems for research or classified information.

3. Policy Statements:

3.1. Account Types and Definitions

1. Privileged Accounts:*
- Examples: System administrators, database administrators, IT support.
- Purpose: Manage and configure institutional systems and networks.
- Requirements: Must be assigned to personnel with advanced training and
authorization.

2. Standard User Accounts:

- Examples: Students, faculty, non-technical staff.
- Purpose: Access regular institutional resources, including email, LMS, and
library systems.
- Restrictions: No administrative privileges or direct system access.
3. Guest Accounts:
- Examples: Visiting lecturers, event participants, temporary staff.
- Purpose: Short-term access with limited permissions.
- Expiry: Automatically disabled after a pre-approved duration.

4. Service Accounts:
- Examples: Accounts for applications or scripts.
- Purpose: Facilitate automated tasks like database backups or application
integration.
- Restrictions: Non-interactive and monitored for anomalous behavior.

3.2. Account Creation and Approval Process:

1. Request Submission:
- Account requests must be submitted via the official IT support portal or
form.
- Requests must include the requester’s name, role, department, and
justification for access.
2. Verification:
- The IT department will verify the identity of the requester through
institutional records or direct communication.

3. Approval:
- The department head must approve all account creation requests.
- Privileged account requests require approval from the Information Security
Officer (ISO).

4. Implementation:
Once approved, the IT team will create the account and assign access
permissions based on the requester’s role.
A unique user ID and temporary password will be issued, requiring the user to
reset the password upon first login.

3.3. Authentication Requirements

1. Multi-Factor Authentication (MFA):
- Required for all administrative and remote access accounts.
- Methods: Combination of passwords, biometrics (e.g., fingerprint), or time-
based one-time passwords (TOTP).
2. Password Policy:
- Minimum Length: 12 characters.
- Complexity: Include upper and lower-case letters, numbers, and symbols.
- Expiration: Changed every 90 days.
- Storage: Passwords must be encrypted using NIST-approved hashing
algorithms.
3. Account Lockout:
- Accounts will be locked after 5 failed login attempts and require
administrative intervention for reactivation.
3.4. Account Access and Permissions
1. Access Control:
- Permissions will follow the principles of least privilege and need-to-know to
minimize security risks.
- Example: A student should only access their own academic records, not
others’.
2. Periodic Reviews:
- Supervisors and the IT department will review user access permissions every
6 months to ensure alignment with job responsibilities.
Inappropriate or unnecessary access will be revoked immediately.
3.5. Monitoring and Auditing:
1. Activity Logging:
- All login attempts, file accesses, and administrative actions must be logged.
- Logs will include details such as user ID, timestamp, IP address, and activity
performed.

2. Regular Audits:
- The Information Security Team will conduct audits quarterly to detect
unauthorized access, dormant accounts, and policy violations.

3. Incident Response:
- Any suspicious or unauthorized activity must be escalated to the Information
Security Incident Response Team (ISIRT) within 24 hours.

3.6. Account Deactivation and Termination

1. User Departure:
- For employees: Accounts must be disabled within 24 hours of employment
termination.
- For students: Accounts will be disabled upon graduation or withdrawal from
MCS.

2. Dormant Accounts:
- Accounts inactive for 90 days will be flagged for review.
- If no justification is provided, they will be disabled.

3. Guest Accounts:
- Automatically expire after the pre-approved duration. Extensions require
new approvals.
4. Roles and Responsibilities
1. System Administrators:
- Manage account lifecycles and implement access controls.

2. Department Heads:
- Authorize account creation and review access requests.

3. Users:
- Protect account credentials and report suspicious activity.

4. Information Security Team:

- Monitor logs, conduct audits, and respond to incidents.

5. Human Resources:
- Notify the IT team of employee departures promptly to ensure timely
account termination.

5. Compliance and Penalties

1. Compliance:
- Adherence to this policy is mandatory for all users. Violations will result in
disciplinary action as per institutional regulations.

2. Penalties:
- Unauthorized access or misuse of accounts may lead to:
- Account suspension.
- Academic penalties for students.
- Termination of employment for staff.
- Legal action under applicable laws.

6. Review and Updates:

1. This policy will be reviewed annually by the IT Governance Committee or
when significant changes occur in institutional operations or NIST guidelines.
2. Feedback from audits and incidents will be incorporated into policy revisions.

Access Control Policy Template
100% (3)
Access Control Policy Template
6 pages
Access Control Policy
No ratings yet
Access Control Policy
8 pages
ISMS Policy Manual
100% (5)
ISMS Policy Manual
93 pages
IT Access Control and User Access Management Policy
100% (1)
IT Access Control and User Access Management Policy
6 pages
Lab 1
No ratings yet
Lab 1
8 pages
Sample Account Management Policy
100% (5)
Sample Account Management Policy
4 pages
HIPAA Standards and Procedures Checklist-1-1
No ratings yet
HIPAA Standards and Procedures Checklist-1-1
5 pages
Priceoye Campaign Tcs Flat 10 Percent Discount On Mobile Phones
No ratings yet
Priceoye Campaign Tcs Flat 10 Percent Discount On Mobile Phones
2 pages
Priceoye Campaign Tcs Flat 10 Percent Discount On Mobile Phones
No ratings yet
Priceoye Campaign Tcs Flat 10 Percent Discount On Mobile Phones
2 pages
Incoming Material Inspection Checklist
50% (2)
Incoming Material Inspection Checklist
19 pages
IQ3 Haltech LD Manual v2 PDF
No ratings yet
IQ3 Haltech LD Manual v2 PDF
92 pages
Account-Management-Policy-1.0
No ratings yet
Account-Management-Policy-1.0
3 pages
2.IT Policies - Access Privilege Policy
No ratings yet
2.IT Policies - Access Privilege Policy
10 pages
Access Control
No ratings yet
Access Control
11 pages
Security Awareness and Training
No ratings yet
Security Awareness and Training
11 pages
AccountManagement Checklist
No ratings yet
AccountManagement Checklist
2 pages
Access Control Policy
No ratings yet
Access Control Policy
3 pages
SP800 82 Rev 2 To SP800 53 Rev 4
No ratings yet
SP800 82 Rev 2 To SP800 53 Rev 4
333 pages
Sp800 53 Rev4 Appendix F Markup
No ratings yet
Sp800 53 Rev4 Appendix F Markup
198 pages
UoN Access Control Policy v3
No ratings yet
UoN Access Control Policy v3
8 pages
Access control
No ratings yet
Access control
6 pages
Sample - Access Control Policy v1.0
No ratings yet
Sample - Access Control Policy v1.0
8 pages
Access Control Standard
No ratings yet
Access Control Standard
5 pages
Information Security Policies and Standards
No ratings yet
Information Security Policies and Standards
18 pages
Network Policy of Tokyo University
No ratings yet
Network Policy of Tokyo University
18 pages
Group Project 2 Guidelines Document - G1
No ratings yet
Group Project 2 Guidelines Document - G1
3 pages
MCC Password Policy
No ratings yet
MCC Password Policy
2 pages
User Management Techniques
No ratings yet
User Management Techniques
5 pages
Emergency Break-Glass Process for Azure: Cyber Nexus, #1
From Everand
Emergency Break-Glass Process for Azure: Cyber Nexus, #1
Krishnakumar Mahadevan
No ratings yet
Security Policy Document
No ratings yet
Security Policy Document
5 pages
User-Account-Management-Policy-rev112817
No ratings yet
User-Account-Management-Policy-rev112817
3 pages
Identity_and_Access_Management_Policy_1714758366
No ratings yet
Identity_and_Access_Management_Policy_1714758366
6 pages
Doc03 - ISO 27001-2013 ISMS Manual TOP
No ratings yet
Doc03 - ISO 27001-2013 ISMS Manual TOP
24 pages
Monitor Administer System Network Security
No ratings yet
Monitor Administer System Network Security
47 pages
Đề tài 6
No ratings yet
Đề tài 6
9 pages
Acceptable Use Policy
No ratings yet
Acceptable Use Policy
2 pages
Security Policies
No ratings yet
Security Policies
18 pages
Access Management Policy
No ratings yet
Access Management Policy
17 pages
Module 5 - Implementing Access Control, Authentication, and Account Management New
No ratings yet
Module 5 - Implementing Access Control, Authentication, and Account Management New
55 pages
Sp800 53r5 Control Catalog
No ratings yet
Sp800 53r5 Control Catalog
73 pages
Acceptable Use Policy Template
No ratings yet
Acceptable Use Policy Template
12 pages
Practical 4 Isa
No ratings yet
Practical 4 Isa
4 pages
(PIS) Individual Assignment
No ratings yet
(PIS) Individual Assignment
5 pages
National SOP To Manage User Accounts On Ideal Health Facility Information System - July 2023 - Signed
No ratings yet
National SOP To Manage User Accounts On Ideal Health Facility Information System - July 2023 - Signed
28 pages
Access Control Policy
No ratings yet
Access Control Policy
8 pages
CISSP Domain 1 Study Guide Security and Risk Management: CISSP Study Guide - Updated 2024, #1
From Everand
CISSP Domain 1 Study Guide Security and Risk Management: CISSP Study Guide - Updated 2024, #1
Gandiv
No ratings yet
GDPR - Application Data
No ratings yet
GDPR - Application Data
8 pages
atchm_2084217
No ratings yet
atchm_2084217
7 pages
CHAPTER 2.1 - 2.2 - Security Policies - Procedures - SHORT SEM 2021
No ratings yet
CHAPTER 2.1 - 2.2 - Security Policies - Procedures - SHORT SEM 2021
27 pages
Last Day Review Notes
No ratings yet
Last Day Review Notes
18 pages
Access Control Polic1
No ratings yet
Access Control Polic1
7 pages
Managing User and Computer Accounts
No ratings yet
Managing User and Computer Accounts
2 pages
Final Nci Idam Sop Template v1 1
No ratings yet
Final Nci Idam Sop Template v1 1
15 pages
SCCRF Policy 2.1
No ratings yet
SCCRF Policy 2.1
12 pages
IT-Infra - Policies Updated ISMS - Roshan
No ratings yet
IT-Infra - Policies Updated ISMS - Roshan
57 pages
Information Security-Policy-Template
No ratings yet
Information Security-Policy-Template
3 pages
Copy of Acceptable Use Policy Template - v2 - August 2014
No ratings yet
Copy of Acceptable Use Policy Template - v2 - August 2014
2 pages
Password Policy 325048 7
No ratings yet
Password Policy 325048 7
3 pages
LASTNAME, FIRSTNAME - CIS4365 - Security Policy
No ratings yet
LASTNAME, FIRSTNAME - CIS4365 - Security Policy
12 pages
It Security Policy1
No ratings yet
It Security Policy1
5 pages
Account Management Policy
No ratings yet
Account Management Policy
5 pages
Password Management Policy Signed
No ratings yet
Password Management Policy Signed
6 pages
Access Control Policy - v.2.0
No ratings yet
Access Control Policy - v.2.0
5 pages
Zero To Mastery In Cybersecurity- Become Zero To Hero In Cybersecurity, This Cybersecurity Book Covers A-Z Cybersecurity Concepts, 2022 Latest Edition
From Everand
Zero To Mastery In Cybersecurity- Become Zero To Hero In Cybersecurity, This Cybersecurity Book Covers A-Z Cybersecurity Concepts, 2022 Latest Edition
RAJIV JAIN
No ratings yet
Lec - 1snhbdAB
No ratings yet
Lec - 1snhbdAB
5 pages
WKSP projectsa dnmasb
No ratings yet
WKSP projectsa dnmasb
39 pages
Capt Al iLab Report 3 & 4
No ratings yet
Capt Al iLab Report 3 & 4
30 pages
(Lec 6)
No ratings yet
(Lec 6)
41 pages
lab TASK 1-2
No ratings yet
lab TASK 1-2
21 pages
Applied Physics Lab Manual
No ratings yet
Applied Physics Lab Manual
81 pages
Applied Physics Lab Capt Ali
No ratings yet
Applied Physics Lab Capt Ali
4 pages
Bookme Air Tickets Discount - Terms Conditions
No ratings yet
Bookme Air Tickets Discount - Terms Conditions
2 pages
Storage For IBM Tape Level 1 Quiz
No ratings yet
Storage For IBM Tape Level 1 Quiz
6 pages
Oops
No ratings yet
Oops
29 pages
Catalog, Wireless Motor Pump Remote Controller, FORBIX SEMICON Co.
No ratings yet
Catalog, Wireless Motor Pump Remote Controller, FORBIX SEMICON Co.
4 pages
DELTA Vector Control Drive C2000 Series - 20161025
No ratings yet
DELTA Vector Control Drive C2000 Series - 20161025
44 pages
CODING For KIDS 2 BOOKS in 1 Python For Kids and Scratch Coding For Kids. A Beginners Guide To Computer Programming. Have Fun and Learn To Code Quickly, Even If You'Re New To Programming. by Morrison
100% (1)
CODING For KIDS 2 BOOKS in 1 Python For Kids and Scratch Coding For Kids. A Beginners Guide To Computer Programming. Have Fun and Learn To Code Quickly, Even If You'Re New To Programming. by Morrison
226 pages
Retrieving Data in PLSQL
No ratings yet
Retrieving Data in PLSQL
4 pages
Cab Lab 4 Manual
No ratings yet
Cab Lab 4 Manual
13 pages
Resume Short
No ratings yet
Resume Short
8 pages
Project Booklet For Coding Curriculum: Grade Vi
No ratings yet
Project Booklet For Coding Curriculum: Grade Vi
42 pages
Automation OMRON
No ratings yet
Automation OMRON
36 pages
Computer Science (CS) : Kent State University Catalog 2023-2024
No ratings yet
Computer Science (CS) : Kent State University Catalog 2023-2024
19 pages
TJX CloudReady 1.5L Specs and Features V1.5
No ratings yet
TJX CloudReady 1.5L Specs and Features V1.5
15 pages
iOS Notifications Vs Android Notifications
No ratings yet
iOS Notifications Vs Android Notifications
27 pages
assuppt1
No ratings yet
assuppt1
8 pages
Md. Nayyar: Areer Ynopsis
No ratings yet
Md. Nayyar: Areer Ynopsis
3 pages
Agile E1
42% (12)
Agile E1
10 pages
Anita Reddy Khaja
No ratings yet
Anita Reddy Khaja
3 pages
VU C5 T P Data Structure 2021
No ratings yet
VU C5 T P Data Structure 2021
4 pages
Autocad Notes by Prof. D.V. Shirbhate
100% (3)
Autocad Notes by Prof. D.V. Shirbhate
57 pages
CMC LTD.: Interview Procedure
No ratings yet
CMC LTD.: Interview Procedure
15 pages
Selec: Operating Instructions
No ratings yet
Selec: Operating Instructions
2 pages
Zaero Programmers Manual 8.5
No ratings yet
Zaero Programmers Manual 8.5
421 pages
Cad-Cam Lab Manual
No ratings yet
Cad-Cam Lab Manual
41 pages
SAP Spryng SMS Configuration Guide
No ratings yet
SAP Spryng SMS Configuration Guide
20 pages
Systems Security Engineering: NIST Special Publication 800-160
No ratings yet
Systems Security Engineering: NIST Special Publication 800-160
257 pages
Hosts 1572353909619
No ratings yet
Hosts 1572353909619
13 pages
Coursework Tasks Specification
No ratings yet
Coursework Tasks Specification
6 pages
Test2Review
No ratings yet
Test2Review
13 pages