To ensure the integrity and confidentiality of the data on the Washington University in St. Louis network, administrators’ access to areas requiring elevated privileges should be limited and monitored. Administrators should not use their own system IDs to access areas requiring elevated privileges.
System administrators should be provided with two accounts, each with a different level of access:
- User account restricted privileges to be used for day-to-day functions
- Administrator account elevated privileges to be used for system or root level functions
The desktop environment of the server and/or system administrator should reflect when the administrator account is in use.
- Account information should be stored in a secure location.
- Usage of these accounts should be logged and monitored on a regular basis.
- System-level passwords should be reset at least every 90 days.
- System-level passwords should be reset immediately when an administrator leaves the university.
Updated April 1, 2013.