Identity and Authentication Rule: Guidance for Campus Users


Note: The Identity and Authentication Rule is expected to be issued summer 2026 with an effective date at the end of December. See this webpage for more information about the rule.

Anyone with access to university IT resources, including students, faculty, staff and third-party entities, must comply with RUL 08.00.19 – Identity and Authentication Rule. The rule outlines the minimum identity and authentication requirements the university must follow to protect its data.

This article will help campus users better understand their responsibility in following the rule.

Password Lifetime

Due to changing industry best practices, regular password changes are no longer required for all Unity accounts.

Password Managers

An enterprise password management solution provides better centralized oversight and reduces organizational risk. While an enterprisewide solution is not yet in place, this is the current recommendation:

Multifactor Authentication (MFA)

MFA is required for all Unity accounts.

Storage of Physical Credentials and Secrets

There are many physical methods we use to verify our identity. These methods must be kept secure.