MUSC Policy: Information Security - Network Access

 TITLE: Information Security  ID:
 ORIGINATOR: Information Security Office  DATE: Jan 5, 2005
 REVIEWED: President's Council  DATE: Feb 16, 2005
 APPROVED: Raymond S. Greenberg, MD, PhD  DATE: Feb 16, 2005
 IMPLEMENTATION: Enterprise-wide  DATE: Feb 16, 2005

1. RATIONALE

Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:

HIPAA Security: 164.308(a)(1)(i) Security management process
HIPAA Security: 164.310(b) Standard: Workstation use
HIPAA Security: 164.310(c) Standard: Workstation security
HIPAA Security: 164.312(a)(1) Standard: Access control

2. POLICY

Only MUSC's faculty, staff and students are authorized to connect devices to MUSC's campus network. Any device that is connected to MUSC's network must be configured, maintained and operated by its designated Owner in accordance with the minimum security and connectivity standards set by MUSC.

3. PROCEDURES

3.1. Definitions

Refer to MUSC Policy: Information Security: Appendix A.

3.2. Authorized Users of the Network

MUSC faculty, staff and students are the only persons authorized to connect computing and/or communication devices to MUSC's campus network. A device may be connected by one of these authorized users if and only if the device has been configured, and will be maintained and operated, in accordance with the minimum standards referenced in this document.

Visitors and guests on the MUSC campus, including vendors and contractors, may not connect any device to the MUSC network without explicit authorization from a member of the MUSC faculty or staff.

3.3. Accountability for Each Device

No device may be connected to MUSC's campus network unless an Owner has been designated for the device. The device's designated Owner is responsible for ensuring that the device is configured, maintained and operated in accordance with the minimum standards referenced in this document.

For any device connected by an MUSC faculty or staff member, or by an MUSC student, the individual who connects the device is held accountable as the Owner of the device, unless a different Owner has been designated.

For any device connected to the network by a visitor or guest of MUSC, the MUSC faculty or staff member who authorizes the connection is held accountable as the Owner of the device.

For any device connected to the network by a contractor, accountability for the device must be established by contractual terms.

3.4. Requirements for Each Device

MUSC may deny network connectivity to any device that does not meet the minimum standards referenced in this document. MUSC may remove (disconnect or quarantine) any device from the network, in the event that the device is interfering with other devices or resources on the network, or the device's presence on the network creates unacceptable security risks for MUSC.

Before any device may be connected to the network, the device's designated Owner must ensure that the device itself is protected against any reasonably anticipated security threats. In addition, the Owner is responsible for ensuring that adequate safeguards are in place to protect against any reasonably anticipated threats that the device, or any persons or agencies with access to the device, might pose to MUSC's network, or to any information resource accessible through MUSC's network. At a minimum, all applicable MUSC standards documents should be consulted prior to connecting any device to MUSC's network.

3.5. Applicable Standards

MUSC Information Security Standards: System Security
MUSC Network Connectivity Standards

3.6. Sanctions

Refer to MUSC Policy: Information Security: Sanctions.

3.7. See Also

MUSC Computer Use Policy
MUSC Policy: Information Security

4. ACCESS

This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.