AC-002.04 – Net ID Account Management

Responsible Office: Office of Cybersecurity

Last Review: 10/21/2021

Next Review: 10/21/2023

Contact: Chris Madeksho

Phone: 901.448.1579

Email: mmadeksh@uthsc.edu

Purpose

Members of the UTHSC community are issued a UT-wide identifier called the NetID. When access to UTHSC networks, systems, or applications is required, they are supplied with a unique user identifier (the NetID) and a password; referred to as credentials. The purpose of this document is to document the procedure for creating and deleting credentials based on the NetID. This standard is also designed to meet compliance requirements for data regulated by federal or state law. This includes, but is not limited to, security requirements and safeguards for the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), or Gramm-Leach-Bliley Act (GLBA).

Scope

This practice applies to all members of the UTHSC community who have been granted access to any UTHSC system or data by means of an authenticator, based on a unique user account based on the UTHSC NetID and password, i.e. credentials).

Definitions

NetID – Network Identifier, a unique identifier for an entity throughout the University of Tennessee system

Sponsored NetID – a NetID not automatically generated for an active faculty, staff or student, but for someone affiliated with the University that needs access to specific systems. This type of NetID must be requested by a supervisor, business manager, or department head and approved by Human Resources.

Responsibilities

The NetID user is responsible for abiding by all policies and procedures of the University as well as applicable laws and regulations.

Information Technology Services Systems Administrator is responsible for establishing sponsored NetIDs.

Practice

  1. Student NetIDs and credentials are created when students are accepted to the UTHSC unless the individual previously has been issued a University of Tennessee NetID. Student credentials will be expired if a student has not registered for one year.
  2. Faculty and Staff NetIDs and credentials are created at the commencement of employment at the University of Tennessee.
  3. Even though the association between an individual and a NetID survives enrollment or employment, access to systems and applications with a NetID and the use of the credentials will be disabled as appropriate.
  4. Faculty and Staff credentials are disabled 30 days after termination of employment, unless an active status is maintained at the University of Tennessee.
  5. UTHSC supervisors, business managers, and department heads may sponsor NetID accounts for official guests with a relationship to the University of Tennessee.
    1. Human Resources (HR) approves all requests for a Sponsored NetID.
    2. Requests must be sent to the HR request form. Any requests sent directly to Information Technology Services (ITS) will be result in the requestor being redirected to the aforementioned form.
    3. If HR approves the sponsorship, they will initiate a request for NetID creation to ITS. NOTE: Based on the nature and duration of the person’s work, HR may notify the sponsor that the sponsoree will have to be entered into IRIS with the status of Friend instead of being sponsored.
    4. Sponsored NetIDs should only be granted to individuals who are affiliated with the University in a position to help support UTHSC’s mission and achieve the goals of the University
    5. Sponsored NetIDs must be renewed annually.
  6. All types of credentials are disabled and deleted after a person is recorded as deceased.
  7. Credentials are expired as indicated, unless earlier termination is requested through UTHSC Human Resources for UTHSC employees, or by the Vice Chancellor of Academic, Faculty, and Student Affairs for UTHSC students.
  8. Exceptions to this Practice should be requested using the process outlined in Practice-Infosec-GP-001.02 Security Exceptions and Exemptions to ITS Standards and Practices.

References

  1. AC-001-Access Controls
  2. AC-002-Authentication
  3. GP-001.02 Security Exceptions and Exemptions to ITS Standards and Practices