PART 1: PURPOSE

This Rule addresses servers connected to the NMSU network. It specifies who is eligible for accounts, security maintenance requirements and the Rule for reporting server break-ins.

PART 2: RULE

Account eligibility and account maintenance: Account maintenance shall be in accordance with university policies and procedures. In general, computer accounts are limited to NMSU faculty, staff, and students. Other accounts used to facilitate official NMSU efforts are permitted and shall be limited to those services needed to assist the institution. Accounts should not be provided to family, friends, or other non-NMSU affiliates.

Access to the server should be limited to those computers (clients) that need access to the available services on the server. The server system administrator shall make efforts to restrict other access. Unused services shall be removed from the machine. The sharing of disk drives shall be limited to those clients who require access. Those sharing the disk are required to ensure the disk is password protected and does not violate copyright laws by exporting vendor software.

PART 3: SECURITY

Employees responsible for any computer classified as a server shall make every effort to ensure that the server is not compromised by internal and external malicious activity by:

1. Regularly updating the server operating system as updates become available.
2. Updating the server with all known security patches.
3. Regularly performing account audits.
4. Regularly performing access control reviews.
5. Regularly performing a review of services provided by the server.

The server system-administrator is responsible for reporting any security-related incident to the ICT chief security officer.

The department that owns the server is responsible for 1) performing any audits required by information and communication technologies, NMSU, or other legal authorities and 2) bearing the costs of server administration tasks.