XXII. Automatic Timeout of Idle Sessions

I. Purpose

To establish policy for the automatic termination of idle or abandoned
interactive computer sessions.

II. Scope

These policies apply to all computing systems at Metropolitan State College
of Denver that are operated by the Division of Information Technology including,
but not limited to, MetroConnect, BANNER, UNIX, and remote access services.

III. Introduction

Interactive computing sessions established via a Web browser, remote terminal
session, telnet, ftp, ssh, sftp, or VPN create a security threat anytime such an
interactive session is abandoned by the user. In addition to the security
threats created by abandoned interactive computing sessions, every interactive
computing session has a large number of computing resources allocated to it to
support the session; these resources remain allocated to the session until the
session is terminated. Interactive sessions that have been abandoned consume
computing resources and compete with other interactive sessions that have not
been abandoned.

IV. Policy Statements

  1. Persons establishing an interactive computing session with a Metro State
    computing resource are required to log out of the interactive session when they
    have finished their work and anytime they will be away from the computer for an
    extended period of time.
  2. Information Technology will establish appropriate time-out limits for each
    interactive computing service as determined by the Vice President of
    Information Technology. Interactive computing sessions that do not perform some
    form of input/output during the defined time-out period will automatically be
    disconnected from the service.
  3. All workstations will be equipped with an automatic screen saver that will
    blank out the screen and lock the workstation after a period of inactivity. The
    user will be required to re-enter their password to unlock the workstation and
    un-blank the screen.

V. Authority

The Office of the President grants authority to the Vice President of
Information Technology to oversee compliance with this policy.

Questions regarding this policy, or requests for variances from the policy,
should be directed to the Interim Vice President of Information Technology at
(303) 556-5321.

Approved October 23, 2006

Next Review Date: September 2008