User account policy
A user account policy is a document which outlines the requirements for requesting and maintaining an account on computer systems or networks, typically within an organization. It is very important for large sites where users typically have accounts on many systems. Some sites have users read and sign an account policy as part of the account request process.
- Should state who has the authority to approve account requests.
- Should state who is allowed to use the resources (e.g., employees or students only)
- Should state any citizenship/resident requirements.
- Should state if users are allowed to share accounts or if users are allowed to have multiple accounts on a single host.
- Should state the users’ rights and responsibilities.
- Should state when the account should be disabled and archived.
- Should state how long the account can remain active before it is disabled.
- Should state password construction and aging rules.
Some example wording: “Employees shall only request/receive accounts on systems they have a true business need to access. Employees may only have one official account per system and the account ID and login name must follow the established standards. Employees must read and sign the acceptable use policy prior to requesting an account.”