The USNH System Access Policy was recently implemented by the University System of New Hampshire to increase the protection of information technology resources, information, and the privacy of
everyone using computers on campus. Everyone must take an active role in addressing the increasing threats from malicious activity, malicious software, social engineering and other unauthorized exposure of restricted data. Exposure to these threats results in difficulties for persons whose information was compromised, as well as financial, legal and public relations burdens for organizations where such exposure occurred. The System Access Policy is a University of New Hampshire System policy, but compliance is required and accomplished locally at each USNH institution.

Highlights of the policy include:

• All computer systems must have employee-specific passwords for access that comply with industry standards.
  
  

• Passwords must be changed at regular intervals.
  
  

• Employee-specific passwords shall be treated as sensitive, confidential information and shall not be shared. Passwords shall not be stored online or written down unless adequately secured from unauthorized viewing.
  
  

• Computer users will take reasonable and appropriate measures to prevent access to systems by unauthorized persons.
  
  

• All data on computers or electronic storage devices (including but not limited to desktop, laptop, server, or handheld devices) shall be wiped clean of files and data prior to transfer or surplus.
  
  

• A Social Security Number (SSN) shall not be sent via E-mail unless encrypted or masked for all but the last four (or fewer) digits of the number.

The System Access Policy will be published on usnholpm.unh.edu in its entirety. You will not be alone in implementing this policy. Computing and Information Services is offering information sessions and training to help users learn to reset passwords, current and future encryption options, screen savers, data wiping services, and accessing sensitive data from outside of UNH. Go to cistraining.unh.edu to register.

View cis.unh.edu/itsecurity for information about minimum compliance standards with this policy at UNH. Please E-mail it.security@unh.edu with any questions or concerns.