IT reserves the right to lock NetID and other UNM computer accounts, and to require violators undergo education and training on the proper use of their accounts. In addition, IT will provide violators with a copy of UNM’s Acceptable Computer Use policy in either electronic or hard copy form. Certain locking violation could also result in disciplinary action by the University or in criminal prosecution.
As the first level of intervention, and to protect the UNM’s computer systems and resources, as well as personal and administrative data, Information Technologies (IT) will lock NetID accounts for the following reasons:
IT will lock the account of any NetID account holder who is discovered to have defeated, or attempted to defeat, IT security, auditing or accounting. Potential violations include scanning systems for vulnerabilities, attempting to access a protected data set, or modify a system file. IT will report the violation to the Dean of Students Office, the Office of the Provost or the staff supervisor for appropriate disciplinary action.
If a UNM employee is leaving the university under administrative leave, his or her manager/supervisor, or the BSA for that department, may request that the employee’s NetID account be locked. Requests may be phoned in to IT Security, 505.277.0930 for immediate locking. The manager/supervisor or BSA must follow up the request with an email or other documentation describing the reason for the locking request.
Accounts whose passwords have been compromised will either be locked or placed in the verification shell. Upon the next login attempt, the verification shell will require the person to enter personal information that should be known only to the legitimate account owner. If the individual cannot provide the correct information, the account will be locked. The account owner must contact IT Customer Support Services, 505.277.5757 to have the account unlocked.
IT immediately locks an account if there is adequate reason to believe the account has been compromised or stolen by an intruder.
Examples of adequate reason include existing evidence that the owner is not using the account, and the presence in the account of programs used exclusively for breaking computer security or damaging computer systems.
Following are specific situations that might indicate an account has been compromised or stolen and that could result in the locking of the account:
If a pay-for-use account is 90 days past due, and no payment is received within the next 30 days, the account will be locked. The account holder must contact the Support Center to request reinstatement of the account.
Department or organization multi-user accounts are subject to locking for any of the violations listed in this policy. Unlocking a multi-user account could take longer than an individual’s account because the investigation process is more complex. The designated department or organization representative must contact the Security Administrator or the BSA to have the account unlocked.
If a NetID holder receives harassing e-mail from another NetID holder, IT will lock the offender's account if:
IT will make an effort to contact the offender before locking the account and attempt to resolve the situation. In addition, IT will provide the victim with information on how to respond to harassing emails and deter future harassment.
Victims of harassment are advised to:
A third incident of misuse or abuse of IT system or network resources will result in the temporary or permanent account locking, depending on the nature of the violations. Certain kinds of misuse or abuse could result in disciplinary action by the University.
Examples of system/network misuse and abuse include, but are not limited to, the following:
First and Second Warning
After the first incident, IT will send an email to the account holder warning them of the violation. The account holder will also be provided with a copy of UNM’s Acceptable Computer Use policy.
If the account holder commits a second violation, IT will send a second warning e-mail. The offender will be required to certify by e-mail that they have read and agree to abide by the UNM’s Acceptable Computer Use policy.
After each violation the IT Security Administrator will contact the account holder by e-mail and explain how the offending activities caused a problem for IT systems.
After the third incident of misuse or abuse, IT will lock the account. A report of the violation will be forwarded to the Dean of Students Office, the Office of the Provost or the staff supervisor for possible disciplinary action. The offender must contact the IT Security Officer to receive training on the proper use of his or her account and must sign a User Reinstatement Form.
NetID accounts with multiple or varied off-site logins will be placed in the verification shell. Upon the next login attempt, the verification shell will require the user to enter personal information that should be known only to the legitimate account holder. If the user cannot provide the correct information, the account will be locked. The user must contact IT Customer Support Services, 505.277.5757 to have the account unlocked.
NetID account holders who commit a second locking violation after signing a User Reinstatement Form may be subject to losing their IT computing privileges permanently. The violation will be reported to the Dean of Students office, the Office of the Provost or the staff supervisor for possible disciplinary action.
IT computer pod managers may request that an account be locked for violations of UNM’s Acceptable Computer Use policy observed in IT computer pods. The pod manager will e-mail or meet with the offender to educate him or her about proper use as outlined in the Acceptable Computer Use policy.
Examples of violations that could result in account locking include:
The pod manager will send an e-mail to the offender summarizing their meeting. This email is cc ’d to the IT Security Administrator, and the Dean of Students, the Office of the Provost or the offender’s supervisor.