Acceptable Use Policy
PURPOSE
The purpose of this policy is to define acceptable use of Massachusetts Maritime Academy’s
(MMA) applications, hardware, information and other information technology-based resources
and systems.
SCOPE
This policy applies to any person utilizing MMA’s information technology-based resources,
including faculty, staff, students and contractors.
POLICY
Information technology resources are intended to support the mission of the Academy. As such,
users are encouraged to utilize MMA’s information technology resources to the fullest extent.
The Academy expects that these information technology resources are utilized in a responsible
manner and reserves the right to limit or remove access at any time.
MMA’s electronic communications systems, including internet access, telephony, email, and
messaging services, are to be used primarily for Academy-related purposes. Users shall have no
expectation of privacy over any communication, transmission, or work performed using or stored
on MMA’s information technology resources. The Academy reserves the right to monitor any
and all aspects of its information technology resources and to do so at any time, without notice,
and without the user's permission.
Inappropriate use of the MMA information technology-based resources include the following
list, which is a representative sample and may not be complete:
- activities that violate local, state, or federal laws;
- excessive, unreasonable or unauthorized personal use;
- performing large data downloads of movies, music, or similar, whether
- academically appropriate or not, during peak or busy times;
- storing, sending or forwarding e-mails that contain libelous, defamatory, racist,
- obscene, inappropriate, or harassing remarks;
- visiting or sending information to or receiving or downloading information from
- Internet sites involving inappropriate topics such as pornography, terrorism,
- violence, racism, or gambling;
- running servers or wireless access points without prior permission from an MMA
- IT staff member or designee;
- accessing online games or gambling sites other than for academic purposes;
- soliciting the purchase, sale, rental, or lease of private personal property, goods,
- services, or real estate;
- infringing on intellectual property rights;
- for any political purpose not permitted under a collective bargaining agreement.
USE OF INFORMATION TECHNOLOGY RESOURCES
Access
Users of MMA’s information technology resources are authorized to access only systems,
including hardware and software, where access has been approved, per the Computer Access
Control and Management Policy.
Remote Access
Remote access to MMA’s information technology resources can be less secure than local access.
As such, remote access is authorized for only those users with an approved business use. Users
who have been approved for remote access are responsible for adhering to the requirements as
defined in the Remote Access Policy.
Cloud Computing and Storage
Advances in cloud computing offer convenient solutions to technology-based problems such as
data storage and connectivity. Data placed on any cloud computing storage solution must adhere
to the same policies as data stored on MMA’s internal computing resources.
Computer Virus and Malware Protection
It is important that users take particular care to avoid compromising the security of the MMA
network. Users shall exercise reasonable precautions in order to prevent the introduction of a
computer virus or other malware into the MMA network. Virus scanning software is installed on
all MMA systems and is used to check any software downloaded from the internet or obtained
from any other source. Users are prohibited from disabling, or attempting to disable, virus
scanning software. Users must scan portable media devices for viruses and malware before
using them to see if they have been infected. If users are unsure of how to utilize virus and
malware scanning tools, they should contact the MMA Helpdesk for additional information.
Information Security Awareness Training
MMA faculty and staff members will be required to attend security awareness training upon hire
and at least annually thereafter. For additional information on MMA’s Security Awareness
program, refer to the Security Awareness Training Policy.
Messaging Technologies
Use of email should never be used to transmit confidential or restricted information in an
unencrypted format. Users must pay additional attention to email content and senders and they
must not open email attachments from unrecognized or suspicious senders. If there are questions
about the security of an email, email attachment, or email messaging technology users should
contact the MMA Helpdesk. For additional information on the use of e-mail and messaging
technologies at MMA, consult the Email Communication Policy.
Password Use
Many of MMA’s information technology resources require the use of a unique user account and
password. Unfortunately, due to the rising use and effectiveness of password guessing tools and
social engineering campaigns targeting users, it is important for all MMA faculty and staff to
create strong passwords and protect these passwords. To this end, faculty and staff must never
share their passwords with anyone else, must maintain privacy of their password and must
promptly notify the MMA Help Desk if they suspect their passwords have been compromised.
For additional information on password creation, use and protection, refer to the MMA
Computing Password Policy.
Physical and Environmental Security
Assistance from users is required to ensure a physically and environmentally secure working
environment. Users are required to be aware of locking and access restriction mechanisms and
must proactively challenge unidentified or unescorted personnel within restricted areas of the
campus. Additionally, to aid in the physical security of workstations and information technology
resources, users who will be leaving their devices unattended must log off or lock the system
before leaving. Some campus computers will automatically lock after a specified amount of time
of inactivity for additional security. For additional information, refer to the MMA Physical
Security Policy.
ENFORCEMENT
Any person found to have violated this policy, intentionally or unintentionally, may be subject to
disciplinary action, up to and including loss of access rights, termination of employment or
expulsion from the Academy.
ROLES AND RESPONSIBILITIES
Under the direction of the Vice President of Technology and Library Services, the TLS
Directors are responsible for coordinating and establishing procedures and practices which are
necessary for compliance with this policy.
This policy is owned by the Vice President of Technology and Library Services, who will
coordinate any and all revisions.
REFERENCES
| Framework SANS Top 20 Controls |
Regulations and Requirements PCI DSS - MA 201 - HIPAA |
Supporting Standards and Procedures |
| CSC 1, 2, 9, 12, 16 |
REVISION HISTORY
This section contains comments on any revisions that were made to this document and the date
they were made.
| Version Number |
Issued Date | Changes Made By | Description of Changes |
| 1.0 | 1/27/2016 | Initial policy | |
| 2.0 | 2/5/2016 | Anne Marie Fallon | Additions made to policy |
| 2.1 | 3/8/2018 | Anne Marie Fallon | Changes made to policy |
| 2.1 | 3/21/2018 | Anne Marie Fallon |
Changes made to policy. Emailed for review. |
| 2.1 | 4/3/2018 | Policy published |