Policies and Procedures

Password Requirements

Policy Details

Information Security
Policy Name Password Requirements
Policy Approved By Senior VP of Business Affairs/CFO
Effective Date 06/01/2018
Policy Objective The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change. This policy reinforces information security by establishing a strong but reasonable password management practice.
Scope The scope of this policy includes all personnel who has access to the colleges information systems.
Defined Terms Passwords – A secret word or phrase that must be used to gain admissions or access to something.

Phishing – A fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by discussing as a trustworthy entity in an electronic communication.
Policy Statement The protection of confidential information and other sensitive data on the network is a fundamental responsibility of every employee and student at the college. Passwords are the keys that control access to this information.
Passwords creation guidelines should be as follows:

• Be a Minimum of 8 characters

• Contain at least three of the 4 following password complexity requirements
- Lowercase alpha characters (e.g. a, b, c, d, e, …z)
- Uppercase alpha characters (e.g.. A, B, C, D, E, … Z)
- Numbers (e.g. 1, 2, 3, 4, 5, …9)
- Special characters or punctuation (e.g. ! @ # $ % ^ & * + > < { } ?)

• Not be based on personal information (names of family, pets, etc.)

Passwords shall be changed at a minimum of every 90 days (3 months), and the last six passwords cannot be reused. Users shall note that anytime there is a change in password, it must be updated on all devices that use the Company’s password, including smartphones, tablets, and laptops.

All passwords should be treated as confidential information. This password shall be unique from every other password the user has. Passwords shall never be written down or recorded along with corresponding account information or usernames. Passwords shall not be shared with any other individual. Users should always be mindful of their surroundings when entering their password (e.g. ensuring no one is looking over their shoulder). If the password is forgotten, users must contact the IT Department for password reset. In the event that you suspect your account of password to be compromised in any way, immediately report the incident to your immediate supervisor or Client Services.

The IT Department will never send an email message or make a phone call asking for the user’s password. If such a request is received, consider it a forgery (i.e. a phishing scam). Your password should never be provided to anyone including anyone from IT, when working with IT on an issue if your password is required you will be asked to type it in.
Roles and Responsibilities Employees and students are responsible for reading, understanding and complying with the statements in this policy.


Email Support Policy

Email Account
Information Technology provides email service for faculty and staff. An email account and mailbox are automatically created for you upon your affiliation with Columbia College Chicago. Email is considered an official form of college communication and should be checked regularly.

Email usernames are created using the following format:

First Letter of first name and last name (faculty and staff as listed in HR system)

Example: John M. Doe

Username: jdoe

Email address: jdoe@colum.edu

If this username has already been used, additional numbers may be appended to the end to create a unique username.

Email can be accessed from on or off campus using the Exchange Web-Mail interface at mail.colum.edu.

All mailboxes have maximum size restriction of 2GB. If you exceed your mailbox quota, you will be prohibited from sending messages until you have reduced your mailbox size to be within the limit of your quota.

Email Clients Supported by IT
There are numerous clients that connect to Microsoft Exchange and not all of them are capable of utilizing the entire functionality of Exchange. To enjoy the full features of Exchange we recommend and support only the following email clients:

Exchange Web-Mail Client: https://mail.colum.edu
Microsoft Outlook for Mac (2011 and 2016)
Microsoft Outlook for Windows 7, 8, 10 (2010, 2013, 2016)

Due to the high percentage of Macintosh computers on campus we also support Apple Mail.

Email Auto-Forwarding
Email is considered an official form of college communication and is maintained on the College’s email system. Columbia College Chicago does not support or provide auto-forwarding of email to personal email accounts or other email systems.