February 27, 2002
ITEM 114-104-R0102��� Board of Regents Policies and Procedures Manual: Information Technology; Logging On and Off Computer Resources Number (3) (New)
No. 3
SCOPE
This policy applies to all MUS-owned or managed computer systems.� Unless otherwise indicated, the term �user� here refers to both employee and student users.
REQUIREMENTS
MUS entities must provide for the security of their data and information resources. For employee and student users, access to these resources must be controlled by having users properly log onto and off of computer systems and by prohibiting users from using other users� accounts. For patron users, management of the patron-accessible systems must prohibit users from engaging in activities that result in security problems.
All MUS-operated computer systems to which a user can connect interactively must display an informational banner at user-connection time explaining what are considered acceptable uses of MUS information technology resources; this information may be in the form of references to MUS policies on security and monitoring, acceptable use, or other pertinent topics.
SAMPLE WARNING BANNER
This computer is the property of Montana Tech and is subject to the MUS security, monitoring, and appropriate-use policies located at: http://�. or available in hard copy from the campus information technology office.� Unauthorized use is a violation of 45-6-311, MCA and Montana University System policies. By continuing to use this system, you indicate your awareness of and consent to these terms and conditions of use. Log off immediately if you do not agree to the conditions stated in this warning.
GUIDELINES � RECOMMENDATIONS, NOT REQUIREMENTS
For a computer dedicated for use by a single employee user, at the end of each workday the user should disconnect from network-accessible resources if possible. The user should power off his/her computer(s), or use password-protected screen savers or �sleep modes� to prevent unauthorized access.� The user should also release network-accessible resources (i.e., through log-off of connection to that resource) whenever those resources are not in use. Users who plan to leave their computers unattended for 30 minutes or longer should either log off network-accessible resources or use password-protected screen savers or sleep modes to prevent unauthorized access.
For a computer shared by multiple employee and/or student users, each user should disconnect from network-accessible resources, log-off the computer, and make it available for another user immediately upon completion of his/her �computer session.� Users of shared computer systems should generally not leave their computer sessions unattended � they should log-off if they must leave the immediate vicinity of the computer, then log in again upon return.