IS-1005 System Access
Release Date: 9/12/13
Central New Mexico Community College (CNM) promotes and provides Information Technology (IT) resources that enhance educational services and facilitate job performance and College operations. These resources are shared by CNM students, CNM employees and the public at large. The purpose of this procedure is to define the guidelines used to grant access to the various IT resources housed within CNM, as well as defining the guidelines for denial of access when it is no longer appropriate.
Access privileges fall into two categories; network/system access and physical access. Eligibility is based on the user's relationship to the College.
- Authorized physical access is accomplished through several means including, but not limited to:
- Entering a CNM Physical Facility (Office, Library, Computer Lab, etc.) and using a CNM-owned system located in an area of the campus that you are authorized to access
- Checking out a CNM-owned mobile device to access the CNM wireless network while on campus
- Checking out a CNM-owned mobile device and accessing the CNM network while off campus using the Internet
- Using a personally owned mobile device to access the CNM wireless network while on campus
- Authorized network/system access can be accomplished through several means:
- Logging on to a CNM-owned system using your CNM issued account while on campus
- Logging on to the CNM wireless network using your CNM issued account while on campus
- Logging on to a CNM network or application using the internet using your CNM issued account while off campus
- Logging on to the CNM Guest wireless network while on campus
- Access privileges to CNM Information Technology resources and systems are assigned and managed by the administrators or persons designated for managing access to systems.
- In order to protect/minimize CNM's legal liability and the risk of security threats introduced via the Internet, it is the college's position to prevent access to Internet sites which are listed as having a poor reputation for malware and/or phishing in one or more third party databases.
- CNM's ITS Department may filter access to sites with inappropriate content at the discretion of the CNM Executive Team.
To be eligible for a CNM account, an individual or group must be one of the following:
- CNM student
- CNM employee
- CNM department
- CNM organization
- an individual (contractor, vendor, etc.) or entity approved by the Executive Director, Dean or Functional Leader of the department under which the entity's work is sponsored, the ISCO (Information Security & Compliance Officer) and the Executive Director of ITS
- an authorized CNM guest with a CNM-issued guest identification or approved sponsorship for a CNM sponsored event
- Because account access is granted on an individual basis for educational and CNM work-related purposes, usernames and passwords are used to access CNMs resources.
- Users are required to log off any device before leaving the area to prevent unauthorized access by others.
- CNM accounts must not be used or constructed in a manner that allows any unauthorized access to CNMs resources.
- Accounts residing on or accessing CNMs resources and systems must conform to Intellectual Property Laws (Copyrights and Patents).
Account passphrases/passwords are crucial in the protection of information, systems and networks. They provide a first line defense to safeguard CNM's data. A weak passphrase/password could result in a compromised account. The selection of a strong passphrase/password provides protection for both user and system accounts.
Passphrase Guidelines for Network Accounts
- Length: Minimum 8 characters
- Must contain: upper and lower case letters, numbers and only the following special characters: * % !
- Cannot contain: spaces, be a repeat of the current or last 4 passphrases or contain your username, name or CNM ID
- Change: Change the passphrase every 365 days or whenever a compromise is suspected.
- Protection: Users must adhere to the following principles at all times:
- Do not share or tell anyone your passphrase.
- Be aware of "social engineers" (someone trying to trick you into giving them your passphrase).
- Do not send your paraphrase via email in response to any request, no matter how official that request appears.
- Do not respond to a request to go to a link to provide your passphrase.
- Do not store your passphrase on your computer (if Windows prompts you to "Save Password", do not do it).
- Be very careful when entering your passphrase with somebody else in the room.
- Immediately change your passphrase if you suspect that someone knows it through any means, such as "Social Engineering" mentioned above.
- The following link provides guidance for selecting an easy to remember, strong passphrase: passphrase guidance.
CNM offers a variety of computer accounts including, but not limited to, portal, email, and web accounts.
- Portal accounts (myCNM) are automatically created for all students, staff, and faculty
- Student portal groups are subject to approval by the Dean of Students Office
- Employee portal groups may be created for official CNM business and are subject to approval as follows:
- Interdepartmental Faculty Groups - Vice President for Academic Affairs or designee
- Intradepartmental Groups - Department Dean/Director or designee
- Quality Improvement and AQIP Teams - Associate Vice President for Academic Affairs or designee
- Divisional Groups - Vice President for the Division or designee
- Institutional Groups - Dean/Director of the Group Leader
- Websites must conform to IS-1003 – Web Standards soon to be available on CNMs website via The Source. Any questions regarding Web Policy should be directed to the CNM Webmaster.
- User accounts have normal privileges on all CNM computing devices.
- If a user has Users with a business need for elevated privileges to a device under their direct use and control, they may submit a request through the ITS Services Catalog.
- Users who have a business need for broad elevated privileges to a group of devices not under their use and control will require a separate account granted under the ITS “Z” account process.
There are times when events, such as employment separation or a suspected violation of CNM’s policies and procedures, may necessitate the locking of a user's account(s) to preserve and protect the integrity of CNMs systems and networks.
- Accounts are locked upon termination of employment at CNM. It is the supervisor's responsibility to ensure that the separation checklist is processed through ITS on the same day of the employees separation from the College.
- If an employee's termination results in insufficient time to complete the separation checklist before they leave the College, Human Resources can notify ITS via e-mail to lock the employees account. However, the separation checklist should be completed as soon as possible.
- Upon separation from the College, an employee's data and system files are, and remain, the property of the College. No access to such information shall be granted to a separated employee unless required by law.
- Information contained in each locked account is kept for a period of no less than thirty days. At the end of that period, the information may be retained or deleted at the College's discretion and in accordance with state statutes and codes regarding record retention.
- Access to information in an employee's or separated employee's locked account requires approval from the Human Resources Department.
- Any employee whose account is locked as a result of a suspected violation of CNM policy or procedure is notified by the ISCO or designee.
- Student accounts will remain active for a period of 3 terms (1 year) following the last term of attendance, after which the account will be deleted in its entirety.
- Access to information in a student's locked account requires approval from the Office of the Dean of Students.
- Any student whose account is locked as a result of a suspected violation of the Information Technology Use policy is notified by the Office of the Dean of Students.
- Guest Accounts provide access to the Internet only. Community use guest accounts are valid for one-year terms.
- CNM-sponsored event accounts are valid for the duration of the event.
It is the responsibility of ITS and/or departmental staff that provide support to ensure proper notification to individual users and the CNM community at large of any actions that would impact the use of institutional Information Technology resources and systems.
- Emergency outages of network and computer systems occur on occasion due to hardware or software problems, viruses, or performance issues.
- The ITS Service Desk notifies impacted users of emergency outages via e-mail and the Emergency Notification System.
- ITS makes every reasonable effort to minimize disruptions of service to Enterprise Information Technology resources and systems by scheduling routine maintenance and repair during times when fewer users are utilizing them
- Examples: Software or hardware upgrades and installations; transferring data from one server to another; relocating data communication lines, etc.
- The ITS Service Desk notifies impacted users of planned outages to Information Technology resources and systems a minimum of three business days in advance via e-mail
- ITS can facilitate notification of planned outages for non-Enterprise resources and systems upon request
- If technical problems are experienced with CNM computer hardware or software, contact
the ITS Service Desk for assistance at (505) 224-4357.
- Report detected or suspected viruses on PCs or networks to the ITS Service Desk immediately at (505) 224-4357.
ITS provides advisement, consulting, hardware and software installation and support services for users of CNM's Information Technology resources and systems. For questions and information regarding CNM's Information Technology resources and support, please contact the ITS Service Desk at 224-4357 or visit the ITS website.
- Not Applicable
- Not Applicable
- Not Applicable