This is draft documentation for the new Information Security Policy. We are actively developing this content and are soliciting feedback on it.
The university owns all IT accounts, including NetID. These accounts are created and provisioned to users for the purposes of accessing university IT resources, such as email, file storage, and the campus wired and wireless network.
All users have a responsibility to protect the university accounts under their care. Protection of these accounts may vary according to the risk that they present. Accounts with enhanced elevated privileges may have additional requirements.
At a minimum, all IT accounts must adhere to the following:
Accounts requiring passwords must, at a minimum, adhere to the password complexity requirements as the system allows and as described in Password Complexity Requirements. Passwords can be more complex than these requirements to further reduce risk or comply with specific compliance requirements.
The university assigns individual IT Accounts to eligible members of the UMASS community. The UMASS Amherst Information Security Policy explicitly prohibits the sharing of individual account credentials. Sharing account credentials, such as passwords, with others potentially puts your personal information, institutional information and research data at risk, and make it vulnerable to misuse.
For accounts that are designed to be shared, such as Department or Course Subsidiary Accounts, precautions should be taken to make sure the credentials are used in an authorized manner, and only by authorized people.
Passwords must not be transmitted by insecure methods, such as email, chat, etc. Note that the UMass Amherst IT Help Center will never ask for your account information via email.
Do not use your IT Account password for other non-UMASS services (e.g., bank account, social media, online shopping, non-UMass email address). It is recommended that you use unique password for all your different accounts. If your password is compromised, all the accounts using the password are potentially at risk.
If you suspect that your UMASS account password has been stolen or compromised, change all of the relevant UMASS account passwords immediately. For information on changing your IT account password in Spire see: Change your IT Account password.