Computer Security Policy

Originally Issued: November 2012

Contacts: Don Diener Lori Temple

Download Policy Document Download Procedure Document

Policy

A user name and password are required to access all university-issued computers. All university-issued computers must have current antivirus software installed with up-to-date virus definitions. Computer operating systems must be kept updated to current OIT-approved levels. Computers or computer screens must be set to require a password after a period of inactivity.

Statement of Purpose

The purpose of this policy is to:

  • Maintain a safe and secure campus computing environment.
  • Meet best practice computer security standards.
  • Comply with federal and state regulations.

Entities Affected by Policy

Entities affected by this policy include anyone who uses a university-issued computer.

Who Should Read This Policy

Anyone who uses a university-issued computer should read this policy.

Exceptions

To request an exception, please complete the Policy Exception Form.

Exception requests will be processed within 10 business days of receipt of the request.  If an exception is created, the exception will be audited on an annual basis. The owner of the system or a listed designee must respond to the annual audit and verify that the exception is still required.

Changes to the exception may only be requested by the system owner or a documented designee appointed by the owner.

Frequently Asked Questions

What is the Computer ​Security Policy?

The security policy is a set of requirements to help UNLV maintain a safe computing environment on campus.   The policy requires that all computers at UNLV be protected by a password to gain access to the computer; all computers have an antivirus application actively running and maintained with current definitions from the software publisher; all operating systems must have all security patches released applied; all computers must engage a lock screen after a period of time, which requires a password to be used to gain access to the computer.

Why is the Computer Security Policy being implemented?

The policy is being implemented as a result of guidance provided through the NSHE Security Audit conducted in the Spring of 2011. The security audit directs UNLV to adhere to the NSHE Procedures and Guidelines manual (PGM).  The policy also supports industry best practices. 

What is a UNLV computer?

Any university-issued desktop, laptop or tablet computer which is listed as property of UNLV/NSHE and/or tagged with a UNLV property number. 

How will the Computer Security Policy affect my daily work at UNLV? 

OIT will start helping to manage security updates on campus computers we support, as well as ensuring anti-virus is running and up to date. Watch for more information regarding UNLV Smart Computing.  You will need to ensure your passwords are secure, changing them as needed.   You also need to set up your computer to time out and lock the screen if you are not using it.  They can be configured to lock after 15 minutes of inactivity to meet this requirement, and you can lock your screen manually any time you walk away from your computer.  After locking, you will need to log back in to continue use.   

What if I cannot adhere to the policy?

You can ask for policy exceptions by completing the Policy Exception Form.  If your computer is granted an exception from the Computer Security Policy, you will have the responsibility of maintaining the security of the computer, and the data on it, to the same levels as the policy requires.  Exceptions may be necessary in the case of special applications or other business or research needs. 

Some devices are exempt from the policy by default because they are unable to technically meet these requirements.  If you are using such a device, you are still responsible for maintaining security of the device and the data on it.  Examples of such devices currently include, but are not limited to, iPads and Blackberries. 

I am running Linux/UNIX on my computer, how does the Computer Security Policy affect me?

If your machine is running Linux/UNIX you must maintain your computer to the same level as expected for OIT to maintain all other computers on the campus. 

My computer contains an antivirus application that is not maintained by OIT, how does the Computer Security Policy affect me?

If you’re using another application besides Symantec you will need to keep the definitions up-to-date.

My lab computers are not connected to the network, how does the Computer Security Policy affect me?

Even though your computer is not connected to the network, you were still expected to maintain your computer to the same level as the Computer Security policy requires.

How can I create a strong password? 

Your password must be eight or more characters in length and include at least three of the four types of characters: upper case letters, lower case letters, symbols and numbers. Some examples of strong, secure passwords are below (please create your own and do not use these): 

  • Dtz2w4T$
  • &DkkJ#3jm2ht
  • AD3^dned7