MUSC Policy MUSC-xx: Network Access


Definitions:

Refer to MUSC Policy MUSC-xx: Information Security: Appendix A.

Policy:

Authorized users of the network

MUSC faculty, staff and students are the only persons authorized to connect computing and/or communication devices to MUSC's campus network. A device may be connected by one of these authorized users if and only if the device has been configured, and will be maintained and operated, in accordance with the minimum standards referenced in this document.

Visitors and guests on the MUSC campus, including vendors and contractors, may not connect any device to the MUSC network without explicit authorization from a member of the MUSC faculty or staff.

Accountability for each connected device

No device may be connected to MUSC's campus network unless an Owner has been designated for the device. The device's designated Owner is responsible for ensuring that the device is configured, maintained and operated in accordance with the minimum standards referenced in this document.

For any device connected by an MUSC faculty or staff member, or by an MUSC student, the individual who connects the device is held accountable as the Owner of the device, unless a different Owner has been designated.

For any device connected to the network by a visitor or guest of MUSC, the MUSC faculty or staff member who authorizes the connection is held accountable as the Owner of the device.

For any device connected to the network by a contractor, accountability for the device must be established by contractual terms.

Requirements for each connected device

MUSC may deny network connectivity to any device that does not meet the minimum standards referenced in this document. MUSC may remove (disconnect or quarantine) any device from the network, in the event that the device is interfering with other devices or resources on the network, or the device's presence on the network creates unacceptable security risks for MUSC.

Before any device may be connected to the network, the device's designated Owner must ensure that the device itself is protected against any reasonably anticipated security threats. In addition, the Owner is responsible for ensuring that adequate safeguards are in place to protect against any reasonably anticipated threats that the device, or any persons or agencies with access to the device, might pose to MUSC's network, or to any information resource accessible through MUSC's network. At a minimum, all applicable MUSC standards documents should be consulted prior to connecting any device to MUSC's network.

Sanctions:

Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.

See Also:

MUSC Policy MUSC-xx: Information Security
MUSC Network Connectivity Standards
MUSC Workstation Security Standards

References:

HIPAA Security 164.308(a)(1)(i) Security management process
HIPAA Security 164.310(b) Standard: Workstation use
HIPAA Security 164.310(c) Standard: Workstation security
HIPAA Security 164.312(a)(1) Standard: Access control
$Id: network-access.html,v 1.4 2004/10/25 13:59:17 gadsden Exp $