A. Controlling Access: The computer and communications system privileges of all users, systems and programs must be restricted, based on the need to know.
B. Automatic Log Off: If there has been no activity on a computer terminal, workstation or computer (PC) for fifteen (15) minutes, the system will automatically terminate any session initiated by IMS personnel. Reestablishment of the session must take place only after the user has provided the proper password.
C. Physical Security Measures For Computers And Communications Systems: Buildings which house Salt Lake City Corporation computers or communications systems must be protected with physical security measures that prevent unauthorized persons from gaining access.
D. Use Of Personal Computer Systems On Salt Lake City Property: Users must not connect their own computers or computer peripherals into the City's network, or load their personal computer software on City computer equipment without prior authorization from their department head.
E. Moving Microcomputer Equipment:
1. Computer equipment, such as PCs, printers, etc., under IMS maintenance and support may not be moved without the prior notification and participation of Information Management Services personnel. IMS requires a minimum of five (5) business days' notification prior to the proposed move to allow scheduling of personnel and needed equipment. A move of equipment is not covered under service or maintenance and is on a time and materials basis.
2. This chapter does not apply to minor moves within the user's personal work area (e.g., moving a system from the left side of a desk to the right side).
F. Alteration/Expansion Of Computers: Computer equipment under IMS maintenance and support may not be altered, modified or upgraded in any way without knowledge and authorization of IMS.
G. Prohibition Against Personal Computer Modems In Auto Answer Mode: Users must not leave modems connected to personal computers in auto answer mode in such a way that they are able to receive incoming dial-up calls.
H. Security Notice In System Login Banner:
1. Every login process for multi-user computers must include a special notice. This notice must state: a) the system is to be used only by authorized users; and b) by continuing to use the system, the user represents that he/she is an authorized user. In addition, specific information about the organization, the computer operating system, the network configuration or other internal matters must not be provided in the login banner until a user has successfully provided both a user ID and a password.
2. For legal reasons, in many jurisdictions, it is wise to put all users on notice that the involved system is to be used only for authorized purposes. In the event of a prosecution against those who entered the system unlawfully, one of the most successful defending claims is that there was no notice saying they could not enter. Recent court cases have highlighted the need for organizations to put unauthorized users on notice that their systems are off limits. As a result, a system login banner, displayed each time a user logs in, should provide the electronic equivalent of a no trespassing sign. Our current model requires this only for those logging in with VPN logins. (2019 Compilation)