Request accessible format

The accessibility of NIC.edu is extremely important to us! If you encounter any barriers and need assistance, please contact accessibility@nic.edu.

3.08.05 - User Authentication

Policy Title: User Authentication

Impact: Employees, Students, Affiliates

Responsibility: Chief Information Officer

Effective Date: 3/28/2018

Revised Date:

Reviewed Date:

Relates to Procedure(s): 3.08.05

Legal Citation(s):

Identification, Authentication, and Authorization are controls that facilitate access to and protect North Idaho College (NIC) information technology (IT) resources. 

NIC’s Information Technology (IT) department assigns a unique identifier and user credentials for identification and authentication purposes to individuals who have a business or educational need to access non-public NIC IT resources.

Authorization for NIC resources will depend on the individual’s relationship, or relationships, to NIC and the requirements associated with that relationship.

  1.  Definitions

    1. “Affiliate:” refers to any authorized individual, business, or organization connected to NIC, authorized to act on behalf of NIC, or authorized to conduct work related to NIC needs.
    2. “Authentication:” The process through which a user proves his or her identity by providing sufficient user credentials.
    3. “Authorization:” The process of determining which services, privileges, and resources a user is entitled to access. “Information Technology” or “IT” resources refers to any resource related to the access and use of digitized information, including but not limited to hardware, software, devices, appliances, and network bandwidth.
    4. “Identification:” The process of establishing user credentials in order to access and use NIC resources.
    5. “User Credential:” Information used to access NIC IT resources.
  1.  
  1.  
  1.  
  1.  
  1.  
  1.  
  1.  

Procedure Title: User Authentication

Impact: Employees, Students, Affiliates

Responsibility: Chief Information Officer

Effective Date: 3/28/2018

Revised Date:

Reviewed Date:

Relates to Policy(s): 3.08.05

Legal Citation(s):

To access North Idaho College (NIC) accounts, associated data, computing and network resources, NIC requires users to authenticate using the combination of a username and secure password that meets or exceeds the minimum requirements defined by NIC.

This procedure applies to all faculty, staff, students, and third-party agents of NIC as well as any other NIC affiliate authorized to access NIC Information Technology (IT) resources using a user credential.

I. Responsibilities of all users

  1. NIC accounts, access, and passwords are the responsibility of the individual to whom the account is assigned.
  2. Users are responsible for the maintenance and confidentiality of their passwords.
  3. If a user suspects that their account or password has been compromised, they must report this issue to the NIC IT helpdesk immediately.

II. User account creation

NIC users who have a legitimate need to acquire access to non-public resources are issued a unique user account for authentication.

  1. Account creation will be determined by the NIC IT department. All enrolled students, employees, or other approved affiliates will be issued an account.
  2. NIC contractual obligations or software licensing terms may limit the ability to allow access to specific resources.

III. Secure Passwords/Passphrase Requirement

All users should create a strong password or passphrase for their user account.  NIC IT department will maintain guidelines and standards for creating passwords and make them available to all users.

IV. Account deletion and disabling of access

Access to an account shall be disabled or removed when a user no longer meets the criteria for access. The NIC IT department will maintain guidelines related to the deletion and disabling of accounts at NIC.

V. Enforcement

Regarding employees and other affiliates, the consequences of policy violation will be commensurate with the severity and frequency of the offense and may include termination of employment or contract.

Regarding students, the consequences of policy violations will be commensurate with the severity and frequency of the offense and may include suspension or expulsion.

Violations of this policy will be addressed in accordance with appropriate NIC policies and procedures, as issued and enforced by the appropriate authorities.

Violations of any local, state, or federal law will be reported to law enforcement.

Consequences of policy violation may include, but are not necessarily limited to, the following:

  1. Notification: alerting a user to what appears to be an inadvertent violation of this policy in order to educate the user to avoid subsequent violations.
  2. Warning: alerting a user to the violation, with the understanding that any additional violation will result in greater penalty.
  3. Loss of computer and/or network privileges: limitation or removal of computer and/or network privileges, either permanently or for a specified period of time.
  4. Penalties: if applicable, the violator may be subject to criminal or civil penalties.

VI. Appeal

For employees, an appeal of actions taken which result in an unresolved dispute will be handled via the Grievance Policy and Procedure.  For students, all provisions of the Student Code of Conduct shall apply.

VII. Maintenance

This procedure will be reviewed by NIC’s Chief Information Officer (CIO), IT Department, and the IT Policy and Planning Council every three years or as

deemed appropriate based on changes in technology or regulatory requirements.

VIII. Exceptions

Exceptions to this procedure must be approved by the NIC IT Department and formally documented under the guidance of the CIO and President’s Cabinet.