|Oversight Unit:||INFORMATION TECHNOLOGY-TECHNICAL SERVICES|
|This policy has a related procedure. Click to view the procedure below.|
This policy identifies and governs authentication controls to protect data and privacy.
All users of NMU network resources, including but not limited to Faculty, Staff, Retirees, and Students. The Policy applies to administrative data, systems that access university data, media that store data, and other data as determined by the Chief Information Security Officer (CISO).
Northern Michigan University’s CISO or designate will develop and implement appropriate password controls for NMU’s network systems. The controls will be documented in procedures approved by the CISO.
Last update: 10/1/2020
Definition: Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). In the case of NMU, the first authentication method must be a password. There are several options for secondary authentication, including an authenticator application, the device’s built in security key, external USB or similar security key, and backup codes.
Using various tools, NMU will assign a strength score to each user’s password. The use of multi-factor authentication will determine the need and frequency for a password change. In an effort to better protect and secure the information and privacy of the Faculty, Staff, and Students of Northern Michigan University, the following authentication procedures will be required:
The new policy will take effect on 10/1/2020 and will be used for all subsequent password creations and changes.