Acceptable Uses of IT Infrastructure and Resources Policy Statement
1. User Responsibilities and Statement of Prohibited Uses
A. Spirit of Use
Only authorized Users have the privilege to access and use the University's IT Resources. Access and use are limited to the purposes that are consistent with the instructional, research, and administrative goals and mission of the University.
All Users are expected to respect the privacy and personal rights of others and to be professional and respectful when using IT Resources to communicate with others. The use of IT Resources to libel, slander, or harass any other person is not allowed and could lead to University discipline as well as legal action by those who are the recipient of these actions. Users are bound by federal and local laws relating to civil rights, harassment, copyright, security, and other applicable statutes relating to the use of IT Resources. Users are prohibited from using IT Resources for political purposes, personal economic gain, or in a manner that could jeopardize the University's tax-exempt status.
B. User Names
The University recognizes that a common practice in computing, online or otherwise, involves the use of a username, login, or AccessIT ID that may be different from the User's legal name.
Users may not use the IT Resources under a false name, identification, email address, signature, or other media of any person or entity without proper authorization. The University prohibits such use of a username for the purposes of misrepresentation.
When choosing a password for access to the IT Resources, Users should follow the guidelines set forth below to prevent unauthorized access:
- Use a different password for each account;
- Use passphrases (e.g., movie phrase, book quotes);
- Use long passwords (recommended more than twelve characters), and;
- Do not write down your password(s) or store them in an unsecured manner.
- Avoid using:
- Birth dates;
- Names (first, last, or any combination of your first and last names);
- Unaltered words that could be found in a dictionary on their own, including non-English words, and words spelled backward;
- Telephone numbers;
- Social Security numbers;
- Fordham Identification Numbers (FIDN); and
- Alphabet or keyboard sequences (e.g., "QWERTY").
Your password must:
- Be eight characters or more;
- Contain at least one number;
- Contain at least one uppercase and one lowercase character;
- Be changed every 180 days and not be reused; and
- Not contain any of the following special characters: "@", "&", or "/".
D. Additional Responsibilities
All Users must comply with the standards and responsibilities of acceptable use as defined in:
- All applicable provisions of the University Code of Conduct, employee handbooks and agreements, student handbooks and other policies and procedures established by the undergraduate, graduate, and professional schools of the University;
- All local, state, federal, and international laws;
- All application and software license agreements owned and managed by the University;
- The legal and educational standards of software use as published in the EDUCOM Code; and
- IT policies listed on the IT Policies, Procedures, and Guidelines webpage.
Users also are responsible for:
- Self-policing of passwords and access codes as set forth above;
- Respecting authorial integrity and the intellectual property rights of others;
- Respecting and protecting the confidentiality, integrity, and availability of all University IT Resources; and
- Properly backing up appropriate User IT Resources, software, and data as per the IT Backup Policy listed here.
E. Additional Prohibited Uses
Users are prohibited from accessing or using IT Resources to:
- Send unauthorized mass mailings to newsgroups, mailing lists, or individuals, including, but not limited to, unsolicited commercial email (commonly known as spam), floods, and bombs;
- Give others unauthorized access to any User account or the IT Resources;
- Improperly use, interfere with, dismantle, disrupt, destroy, or prevent access to, any portion of the IT Resources;
- Violate or compromise the privacy, or any other personal or property right, of other Users or third parties;
- Disguise or attempt to conceal the identity of the account or other IT Resource being used including spoofing resource addresses, impersonating any other person or entity, or misrepresenting an affiliation with any other person or entity (see the IT Anti-Spoofing Policy for more details);
- Engage in wasteful use of IT Resources or which unfairly monopolizes them to the exclusion of others;
- Interfere or degrade security controls of the IT Resources;
- Exploit or otherwise use the IT Resources for personal gain or commercial purpose;
- Use IT Resources for criminal or prohibited acts;
- Violate any applicable local, state, federal, or international law;
- Knowingly, without authorization, run, install, upload, post, email, or otherwise transmit any computer code, file, or program, including, but not limited to, computer viruses, Trojan horses, worms, or any other malware, which negatively impact IT Resources; or
- Libel, slander, or harass any other person or to interfere unreasonably with an individual’s work, research, or educational performance.