Harvard University
Information Security and Privacy :: Controlling Access
 

I. Access to Confidential Information and to systems containing Confidential Information must be controlled by a process that meets one of the following two criteria:

  • A combination of a logname and a secret password that is known only by the user
  • A combination of a logname, a secret password that is known only by the user, and a piece of data generated by an electronic device in the possession of the user (for example, a SecurID card).

and the following characteristics:

  • All access must be by individuals who identify themselves uniquely to the systems.
  • Accounts and passwords must not be shared under any circumstances.
  • Confidential Information, IDs and passwords transported over a network must always be encrypted. Secure web browsers running SSL or TLS meet this requirement.

Use of the Harvard PIN Server for user authentication satisfies the above criteria and has the required characteristics. 

II. The Harvard PIN Server is to be used for all applications at Harvard that access Confidential Information unless a specific exception is made for a particular application by the Harvard CIO.
 
 
 