Workstation_Use_and_Security

Workstation Use and Security Policy:

Supporting documents: Full policy

Procedures must be in place to ensure all University workstations are classified based on allowable capabilities and activities and secured accordingly in order to protect the confidentiality, integrity, and availability of sensitive data contained on or accessed through the workstations.

This includes defining the functions to be performed, the manner in which they are to be performed, and the physical attributes of the surroundings of a specific workstation or group/class of workstations which contain or provide access to sensitive data.

The level of protection provided for University workstations containing or providing access to sensitive data must be commensurate with the identified risks. An assessment of the risks to University workstations which contain or provide access to sensitive data, including a vulnerability scan and corrective actions per the Vulnerability Assessment Standard. The risk assessment documentation must be securely maintained.

At a minimum the following controls must be in place for University workstation containing or providing access to sensitive data:

Must require a form of unique user authentication such as: userID and password, biometrics, or an access device such as a token for authentication of access.
Must be part of a patch or vulnerability management system.
Must be physically located in such a manner to minimize the risk of unauthorized access.
Display screens/monitors must be positioned such that information cannot be readily viewed by unauthorized individuals.

University Faculty, staff, students, and volunteers must report loss or theft of any access device (such as a card or token) that allows them physical access to areas having workstations which contain or provide access to sensitive data.