Non-Persistent Administrative Access Guidelines

Version 1.0

For Students, Faculty, Staff, Guests, Alumni

Sponsor

Office of Information Technology

Audience

Faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors.

Effective Date

10/30/2023

Implementation Information

Review Frequency: Triennial
Responsible Person: Chief Information Security Officer
Approved By:  Chief Information Officer

Background Information

The purpose of these guidelines is to ensure licensed system administrators use non-persistent administrative access when managing and using University IT Resources.

Definitions

CyberArk Privilege Cloud enables organizations to securely store, rotate, and isolate privileged credentials, monitor sessions, and deliver scalable risk reduction to the business.

IT Resources include computing, networking, communications, application, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and related materials and services.

Guidelines Statement

  • CyberArk-licensed system administrators who use and manage IT Resources must use CyberArk for remote login and administrative access to servers (RDP, SSH, SFTP) in any of Fordham University’s PROD AD domains.
  • Licensed system administrators must set up an account to organize credentials and associated administrative accounts (i.e., A-) by accessing https://fordhampcloud.cyberark.cloud after the onboarding email from CyberArk is received and accepted.
  • Licensed system administrators can:
    • View and manage their inventory of privileged accounts and credentials, and
    • Isolate privileged sessions to prevent unauthorized access to sensitive data.
  • Contact Application and System Security at [email protected] with questions about CyberArk or assistance setting up an account.
  • If direct access (e.g., temporary vendor or admin) to the server is required, necessitating a bypass of CyberArk, a service ticket for approval can be created via the Fordham IT Service Portal.

Revision History

Version Date Description
1.0 10/30/2023 Initial document

 

Need Help?


Walk-In Centers

McShane Center 266 | RH
Leon Lowenstein SL18 | LC

View Our Walk-In Hours