Identity and Access Management Policy

 

Policy Summary

The George Washington University (hereinafter, “GW” or “University”) provides Information Technology Resources (“GW IT Resources”) to its community members to promote and advance teaching, learning, research, and administrative support. This policy establishes the issuance, maintenance, and use of Digital Identities to safeguard the confidentiality, availability, and integrity of GW IT Resources.

Who is Governed by this Policy

  • This policy applies to all University students, faculty and staff and all other individuals and entities including, but not limited to, contractors, temporary employees, sponsored researchers, affiliates, visitors, and volunteers (collectively, “Authorized Users”).

Policy

Authorized Users shall be provided a unique identifier (e.g., GWID) at the point of joining the GW community. GW’s unique identifier serves as a partial confirmation of an account owner’s identity and is part of the Authorized User’s Digital Identity. The Authorized User’s Digital Identity will remain active until such time the user’s relationship with GW has concluded or access to GW IT Resources is no longer required.

The process, procedures, roles, and responsibilities related to a Digital Identity are governed by the GW IT’s Identity and Access Management Standards. Any requests and decisions related to accessing GW IT Resources via a Digital Identity shall be made in accordance with the Identity and Access Management Standards, and the University Access to Accounts and Electronic Information Policy.

All Authorized Users associated with GW are responsible for safeguarding their assigned Digital Identity from unauthorized use by complying with the Acceptable Use of IT Resources Policy, Cybersecurity Risk Policy, and Identity and Access Management Standards.

To mitigate the University’s cybersecurity risk, access to GW IT Resources shall be based on an Authorized User’s position or function. Physical access to GW campus buildings and facilities are addressed in the Physical Access Policy.

Definitions

Authorized Users: All University students, faculty and staff. It also applies to all other individuals and entities granted use of GW IT Resources, including, but not limited to, contractors, temporary employees, sponsored researchers, affiliates, visitors and volunteers.

Digital Identity: A digital identity is associated to a unique identifier that is specific to each Authorized User who has an active relationship with the University, and can consist of multiple unique attributes, accounts, credentials, and entitlements associated with an individual.

GW Identification (GWID): A GWID is an alpha-numeric value used to identify an Authorized User within GW's administrative systems and is required to access GW IT resources. A GWID is the letter G followed by an 8-digit number.

GW IT Resources: Any technology resource or equipment that supports one or more functional objectives of the university. This includes any system, service or physical facility owned, contracted, or managed by the University to acquire, store, process, transmit, scan, receive, or dispose of data or information (e.g., software, computers, mobile phones, tablets, storage devices necessary for security and surveillance).

Related Information

Acceptable Use of IT Resources Policy

Cybersecurity Risk Policy

Identity and Access Management Standards

Physical Access Policy

 

Contacts

 

 

Contact Phone Number Email Address
GW Information Technology 202-994-4948 [email protected]

 

Responsible University Official: Vice Provost for Libraries and Information Technology
Responsible Office: GW Information Technology

 

Non-compliance with this policy can be reported through this website.