Two-Factor Authentication to Georgetown Systems

Purpose

The purpose of this policy is to establish minimum standards for authentication and authentication management for Georgetown University network systems. This policy is designed to ensure that the technology system administrators manage authentication in a consistent manner and to safeguard NetID-based access to information assets in accordance with data protection best practices and industry standards; and, to ensure that account holders that have access to University technology systems are authenticating in accordance with data protection best practices and industry standards.

Two-factor authentication is recognized as an industry best practice in preventing unauthorized access to an institution’s enterprise accounts, financial, operational, and academic systems.

Scope

The two-factor authentication policy and supporting requirements applies to all authentication administered throughout the Georgetown network, whether centrally managed by UIS, managed by a designated technology service provider, or departmentally managed. This policy is applicable to all University community members, including faculty, staff, students and associates who are authorized to access the University’s information systems and data with a NetID.

Policy Statement

Georgetown University NetID accountholders are required to use University-authorized two-factor authentication for all NetID-enabled access to technology resources that store, process, transact or transmit any data classified as Personally Identifiable Information, financial information, protected health information, and data critical to the operation of the University (including but not limited to research, electronic mail, library and archives, and other University business systems).

Noncompliance

In accordance with the policy statement, any technology system connected to the University network must apply the appropriate authentication and access controls to prevent unauthorized access to University administrative, operations and academic systems and data.

Those accountholders, system owners and administrators that are noncompliant with this policy are subject to being prevented from connecting to systems that require two-factor authentication, thereby potentially impacting their ability to perform academic, or work functions and access their own data that may be stored in University systems.

Related Content

Computer Systems Acceptable Use Policy

Duo Two-Factor Authentication

REVIEWED AND APPROVED July 2020

  • UNIVERSITY CHIEF INFORMATION OFFICER
  • UNIVERSITY CHIEF INFORMATION SECURITY OFFICER