Date Approved: August 30, 2007
Effective Date: August 30, 2007
Responsible Official: Chief Information Security Officer
Responsible Office: [U]Tech Information Security Office
Revision History: Version 1.0; dated May 20, 2011
Related legislation and University policies: N/A
Review Period: 5 Years
Date of Last Review: May 20, 2011
Related to: University managed IT infrastructure and systems
Purpose
The CWRU logon banner policy standardizes the implementation of logon banners for IT systems in the University's computing environment.
Scope
This policy applies to all information technology systems that process information at Tier 2 and Tier 3. This also applies to all systems that use the CWRU network infrastructure.
Cancellation
Not applicable.
Policy Statement
General
All IT systems that display a user login which is visible to the general public shall display the University's login banner. The banner notifies any person encountering or using CWRU IT resources of the requirement to adhere to the CWRU Acceptable Use Policy. The banner also serves to notify any person who accesses a CWRU system of the private nature of our networked environments, and that monitoring is taking place to ensure authorized use only.
Network Applications and General Desktop Use
The standard login banner is:
Warning!
This is a private system. Unauthorized access to or use of this system is strictly prohibited. By continuing, you acknowledge your awareness of and concurrence with the Acceptable Use Policy of Case Western Reserve University. Unauthorized users may be subject to criminal prosecution under the law and are subject to disciplinary action under University policies.
It is understood that not all warning banner implementations will support a direct linkage to the Acceptable Use Policy, but for web-service based logins, the banner shall include the hyperlink in the text.
Handheld Computing Devices
Many handheld devices have a smaller buffer space for a banner message. The modified banner for handheld devices (Blackberry, WinCE, Palm OS, etc. ) is:
Warning! This device is the property of Case Western Reserve University. Unauthorized access to or use of this device is prohibited and may subject you to legal prosecution of disciplinary action.
Responsibility
Systems administrators are responsible for implementing warning banners where applicable in their systems. This includes, for example, remote access banners for ssh, ftp, or nfs services.
Definitions
Banner: a text display message that is presented to a users via either the graphical or command line interface.
Blackberry: A handheld computing device that runs the RIM Blackberry OS. These devices often include cellular telephone, email, and calendar software and services.
WinCE: A handheld computing device that runs the Windows Mobile OS.
Palm OS: A handheld computing device that runs the Palm OS.
Standards Review Cycle
This standard will be reviewed every two years on the anniversary of the policy effective date, at a minimum. The standard may be reviewed on a more frequent basis depending on changes of risk exposure.