15.53 – NMSU Server Administration and Operation

Print Friendly, PDF & Email

Details

Scope: NMSU System

Source: ARP Chapter 15 | Information Management and Data Security

Responsible Executive: Chief of Staff

Responsible Administrator:

Last Updated: Not Available

Related

Cross-Reference:

Revision History:

2017 Recompilation, formerly Rule 2.35.1.2.4

PART 1: PURPOSE


This Rule addresses servers connected to the NMSU network. It specifies who is eligible for accounts, security maintenance requirements and the Rule for reporting server break-ins.

 

PART 2: RULE


Account eligibility and account maintenance: Account maintenance shall be in accordance with university policies and procedures. In general, computer accounts are limited to NMSU faculty, staff, and students. Other accounts used to facilitate official NMSU efforts are permitted and shall be limited to those services needed to assist the institution. Accounts should not be provided to family, friends, or other non-NMSU affiliates.

Access to the server should be limited to those computers (clients) that need access to the available services on the server. The server system administrator shall make efforts to restrict other access. Unused services shall be removed from the machine. The sharing of disk drives shall be limited to those clients who require access. Those sharing the disk are required to ensure the disk is password protected and does not violate copyright laws by exporting vendor software.

 

PART 3: SECURITY


Employees responsible for any computer classified as a server shall make every effort to ensure that the server is not compromised by internal and external malicious activity by:

  1. Regularly updating the server operating system as updates become available.
  2. Updating the server with all known security patches.
  3. Regularly performing account audits.
  4. Regularly performing access control reviews.
  5. Regularly performing a review of services provided by the server.

The server system-administrator is responsible for reporting any security-related incident to the ICT chief security officer.

The department that owns the server is responsible for 1) performing any audits required by information and communication technologies, NMSU, or other legal authorities and 2) bearing the costs of server administration tasks.