IT Services - About AD Privileges Appropriate Use

Overview

As part of our ongoing effort to maintain the security and integrity of our electronic information systems, UC San Diego, Information Technology Services (ITS) has established this Active Directory Privileges Appropriate Use article. This article outlines the principles and guidelines for the appropriate use of Active Directory privileges, in accordance with BFB-IS-3: Electronic Information Security.

The purpose of this article is to ensure that all users with Active Directory privileges understand their responsibilities and use their privileges in a manner that maintains the security, confidentiality, and integrity of all electronic information systems. This information applies to all UC San Diego students, staff, faculty, contractors, and third-party vendors who have been granted Active Directory privileges.

Misuse of Active Directory privileges may result in disciplinary action, up to and including termination of employment or contract. UC San Diego may also pursue legal action in cases of intentional or reckless misuse.

Principles

Least Privilege: Users will be granted only the privileges necessary to perform their job functions, and no more.
Separation of Duties: With the exception of Domain Administrators or Enterprise Administrators, no single user will have unrestricted access to all aspects of Active Directory.
Accountability: All actions performed within Active Directory will be auditable and attributable to a specific user account.
Confidentiality: Users with Active Directory privileges will maintain the confidentiality of sensitive information, such as user passwords and other identification and authorization data.

Responsibilities

Users: Users with Active Directory privileges are responsible for:

Using their privileges only for authorized purposes as defined by their role with UC San Diego.
Maintaining the confidentiality of sensitive information.
Reporting any security incidents or suspicious activity to the Office of Information Assurance.
Escalate issues, questions or suspected, impactful changes regarding privilege use for review with the Active Directory team.

ITS Department: The ITS department is responsible for:

Reviewing and approving requests for Active Directory privileges.
Monitoring and auditing Active Directory activity.
Ensuring that all users with Active Directory privileges understand their responsibilities and the principles outlined in this article.
Provide advance notification of any changes to privileges previously granted to individuals.

If you still have questions or need additional assistance, please submit a ticket or email adteam@ucsd.edu.