Security Standard: Account Management


This standard applies to all RIT Information and Information Resources.  


Requirements for All Accounts

The following security controls are required to be implemented on all accounts:

1. Account Authentication

1.1. End user account authentication should use the enterprise identity and access management service when the system or application processes Private, Confidential, or Critical Process information.

1.2. The use of the enterprise authentication service by an application should be authorized by the Authentication Service Provider and the security reviewed by the Information Security Office.

1.3. Password... ...

Account Management Standard

The Account Management Standard provides requirements for creating and maintaining user and special accounts. The primary audience for the standard is account administrators. However, there are also reporting requirements for managers pertaining to personnel changes and changes in roles and responsibilities.

Documented Standard

Current Account Management Standard (comply by 1/23/15)
  • ... ...

Using LinkedIn’s New Two-Factor Authentication

The growing trend of sites adding two-factor authentication to their login process has many feeling more secure in their social media and other online interactions.

With passwords being easy to compromise through phishing attacks, many users have been hoping for something more secure. Two-factor authentication adds a second layer of protection to your account, requiring you to know something (your password), and have something in your possession (a... ...

Authentication Service Provider Standard

The Authentication Service Provider Standard contains requirements for administrators, especially those using the RIT centralized authentication system.


The Authentication Service Provider Standard will retire on January 23, 2015.

Effective January 23, 2015, the Account Management Standard will supersede the Authentication Service Provider Standard.

Server Security Standard

The Server Standard provides requirements for server configuration and use at RIT.

A list of ISO-approved security assessment tools, HIPS programs, secure protocols, and a sample trespassing banner can be found in the Technical Resources.

What does the standard apply to?

All servers (including production, training, test, and development) and the operating systems, applications, and databases as defined by this standard.

The standard does not apply to individual student-owned servers or faculty-assigned student servers for projects; however, administrators of these servers are encouraged to meet the Server Standard.

Recommended Strong Authentication Practices

The RIT Information Security Office recommends that all systems requiring strong... ...