The page uses Browser Access Keys to help with keyboard navigation. Click to learn moreSkip to Navigation

Different browsers use different keystrokes to activate accesskey shortcuts. Please reference the following list to use access keys on your system.

Alt and the accesskey, for Internet Explorer on Windows
Shift and Alt and the accesskey, for Firefox on Windows
Shift and Esc and the accesskey, for Windows or Mac
Ctrl and the accesskey, for the following browsers on a Mac: Internet Explorer 5.2, Safari 1.2, Firefox, Mozilla, Netscape 6+.

We use the following access keys on our gateway

n Skip to Navigation
k Accesskeys description
h Help

Request Information

Enter Your First Name.
Enter Your Last Name.
Enter Your E-mail Address.
Enter Your Phone Number
Enter Your Date of Birth.
Enter Your Address.
Enter Your City.
Enter Your Zip Code.
Enter Your Gender
Please select an area you are interested in from the dropdown.
choose the semester you plan to enroll at Chattanooga State.
Please submit any other information or inquiries in this box.
    Chattanooga State Technical Community College
   
 
  Dec 10, 2017
 
 
    
Policies

08:13:00 Computer Passwords


Technology Division
08:13:00 Computer Passwords

 
  1. Introduction: Tennessee Board of Regents Guideline G-51 Password Management requires all institutions to control user access to information assets based on three separate areas: individual accountability, need to know, and least privilege.The purpose of this policy is to establish a minimum standard for creation of strong passwords, the protection of those passwords, and the frequency of change to ensure protection of institutional information assets.
  2. A combination of a personal user login id or identification and a unique  password for authentication will be required of all users before they are allowed access to institutional networks and systems. Everyone, (students, faculty, staff, adjuncts, contractors and vendors, etc.), that require this access is provided an individual user-id and password. At Chattanooga State Community College, this is referred to as the user's TigerID and password.
    1. Through SSO (single sign on) capability, this Tiger ID and Technology Division accompanying log in on password is the same logon credentials for Microsoft initial login; Tiger Web and email. It's the same for whether the user accesses these systems through hardwired systems and/or mobile devices.
    2. Any computer, laptop, printer, or device that an authorized user connects to the campus network is subject to this policy. Authorized users accessing institutional computing resources and network with their own personal equipment are responsible for ensuring the security and integrity of the systems they are using to establish access.
    3. Guest, unauthenticated access may be provisioned commensurate with usage and risk. For specific instructions on obtaining access for a guest, please technology web page and click on "Access."If group access is needed for classes for other than Chattanooga State students, etc., go to the technology web page and click on Sponsored Accounts.
  3. All user access must be authenticated. Requirements for audit purposes require that actions taken on a computer system be traced back to a specific user-id, so users are responsible for any action taken by their user-id. All users of secure systems must be accurately identified, a positive identification must be maintained throughout the login session, and actions must be linked to specific users. Only in specific designated areas are general use user-ids and passwords permitted.
  4. The effectiveness of passwords to protect access to the institution's information directory depends on strong construction and handling practices.
    1. Users are required to select a new password immediately after their initial login.
    2. All user level passwords, (e.g., email, web, desktop computer, etc.), especially those users who process or access restricted data, (such as protected health information, student FERPA (Family Educational Rights and Privacy Act) data, Social Security Numbers, PCI (Payment Card Information) or other personally identifiable information), will be required to change their passwords at least every 120 days. This is an automated access change request.
    3. Users should immediately change their password if they suspect it has been compromised.
    4. User accounts that have system-level privileges granted through group memberships or programs must have a unique user-id and password from all other users on that account.
    5. User passwords will be automatically locked out after five attempts to login. Banner system allows only three attempts before locking out. Users will need to enter a service request through the technology service request system. Each password reset due to the five failed login attempts or three failed login attempts (Banner) will be tracked to ensure security of the account. Each password reset due to the five failed login attempts or three failed login attempts (Banner) must be entered into the daily log by anyone resetting the password. Password accounts not used for 365 days will be disabled and reviewed by Technology and appropriate supervisor for possible deletion.
  5. Passwords must not be inserted into email messages or other forms of electronic communication, unless encrypted. The following requirements apply to end-user password management.
    1. Passwords must not be stored in a manner, which allows unauthorized access.
    2. Passwords will not be stored in a clear text file.
    3.   Passwords must not be stored in a manner that allows unauthorized access - including writing them down and storing them in the user's office.
    4. Do not use the "Remember Password" feature of applications (e.g., Outlook, etc.)
    5. Don't store passwords in a file on ANY computer system (including mobile devices) without encryption. Passwords should not be visible on a screen or hardcopy.
  1. All user passwords that allow access to all institution networks and systems must be constructed using the following criteria where technically feasible.
    1. Must be a minimum of 8 characters in length
    2. Must be composed of a combination of at least three of the following four types of characters:
      • Upper case alphabetic character;
      • Lower case alphabetic character;
      • Numeric character;
      • Non-alphanumeric character. (If feasible as some systems do not recognize certain non-alphanumeric characters.)
  2. Automated security time-out is required on user desktops. An automated time out feature has been implemented to restrict unauthorized viewing of information. Passwords will need to be entered to reconnect.

 

References:

  1. State of Tennessee Department of Finance and Administration Strategic Technology Solutions 2:01, 12/15/2016
  2. Tennessee Board of Regents (TBR) Information Technology Policy 1:08:00:00, 9/26/2014
  3. Tennessee Board of Regents (TBR) Password Management G-051, 9/26/2014
  4. Tennessee Board of Regents (TBR) Policy G-052 Access Control, 9/26/2014                                                                    

 

Policy Change

 

Division Name: Technology Division

 

Policy Number and Title: 08:13:00 Computer Passwords

  1. Reformatted the whole policy to new format.
  2. All pages - Information Technology Services was changed to new division name - Technology Division.
  3. Section B, para 3 was added: Guest, unauthenticated access may be provisioned commensurate with usage and risk. For specific instructions on obtaining access for a guest, please Technology Web Page and click on "Access."  If group access is needed for classes for other than Chattanooga State students, etc., go to the Technology Web Page and click on Sponsored Accounts.  
  4. Section D, para 5 added: Users will need to enter a service request through the Technology Service Request system. Service tickets are found on the service desk.Chattanoogastate.edu webpage. Each password reset due to the five failed login attempts or three failed login attempts (Banner) will be tracked to ensure security of the account. Users will need to notify someone in the Server and SAN Technology department or enter a service request through the Technology Service Request system. Each password reset due to the five failed login attempts or three failed login attempts (Banner) will be tracked to ensure security of the account.

 

 

Dr. Rebecca Ashford, President                                                                                                     October 24, 2017

Signature                                                                                                                                              Date Approved