NCWISE PASSWORD AND WORKSTATION SECURITY - CHATHAM COUNTY SCHOOLS REGULATION 3225-7320
NCWISE is a centrally hosted software application that contains student information previously contained within SIMS. Chatham County converted from SIMS to NCWISE in January 2008.
All NCWISE users are required to read and follow this regulation concerning user identification (user ID), password protection and workstation standards. The purpose of this standard is to reduce unauthorized access to information within the NCWISE system. This regulation applies to anyone using NCWISE per State Board Policy EEO-C-018.
User ID and Password Standards
- Persons accessing NCWISE shall be uniquely identified with an ID that is associated only with that employee.
- The LEA security administrator, or his/ her designee, is responsible for promptly disabling the NCWISE user ID upon termination of a user from the school or LEA or upon cessation of a users need to access the NCWISE system. In the central office, this responsibility lies with the LEA Data Manager or User Systems Administrator. In schools, this responsibility lies with the school Data Manager.
- NCWISE will limit unsuccessful login attempts to three before the user logon process is disabled.
- NCWISE will disable User IDs that are inactive for 30 days.
- Only authorized security administrators or help desk staff are allowed to enable a user ID.
- Passwords should not contain dictionary words or abbreviations.
- Passwords used for the NCWISE system should be unique to NCWISE.
- Passwords must be at least eight characters in length.
- To the extent possible, passwords shall be composed of a random variety of letters, numbers and symbols with no spaces in between. Additionally, passwords must contain at least two (2) non-alpha characters. Examples include the following characters: !, @, #, $, %, ^, &, *, (, ), 0-9
- NCWISE passwords will expire every 90 days.
- New users will have eleven days in which to log into the system and change their default passwords. NCWISE will disable their accounts if they have not done so.
- NCWISE will not allow reuse of passwords until at least six unique passwords have been created and cycled through use.
- At no time should anyone from NC DPI call a user and request that user’s password. If you receive such a call, please inform the Chief Technology Officer.
- Do not insert Personal information such as social security numbers, driver’s license numbers, etc., into email messages or other forms of electronic communication without proper encryption. A password may be conveyed in a telephone call if positive identification of the receiving party is established.
Workstation Security Standards
- Users should never leave their computer without "locking" or exiting NCWISE. Note: closing the web browser session effectively exits the program.
- Only approved software should be installed on district computers.
- No passwords, including NCWISE passwords, should be stored in clear text on desktop computer systems.
- Browsers should be configured so that passwords for websites are not stored.
- Users accessing NCWISE from outside the district WAN should ensure the desktop computer used to access the program meets all applicable standards.
- Each desktop should have a screen saver with a screen lock that engages after the keyboard or the mouse has been idle for a period of ten minutes or less.
- Anti-virus software should be installed for each computer, and designated staff shall make certain that the most current anti-virus software and appropriate patches are installed.
- No NC WISE passwords should be stored in clear text on desktop systems.