Overview
A Logon Banner, or System Use Notification, is required on UI systems as part of Standards for APM 30.11 and to meet NIST 800-171 requirements 3.1.9 and 3.2.1. For legal reasons, it is also best practice to have such a notice in place in case future prosecution is needed. The guidelines below comply with IT Standards for this notice.
Policy exceptions for non-interactive logins can be made on a case-by-case basis. Create a ticket in TeamDynamix and assign OIT Security as the responsible party to review the policy exception and make a determination.
For systems that are not used interactively (like digital signage), TSPs can disable the System Use notice without an explicit policy exception.
System Use Notification
Windows
On Microsoft Windows, the System Use notification is implemented through Group Policy for "Interactive Logon: Message text." On UI systems, you may see a message like this when attempting to log on:
macOS
On macOS, this is called a policy banner and may be implemented through JAMF for managed systems:
Linux/Unix
On Linux or Unix systems, this is typically implemented by enabling a "Banner" file in your sshd_config. This will look something like this at attempted logon:
Approved Text
The following text has been approved by UI General Counsel for UI systems:
This system is property of the University of Idaho. Use of this system may be monitored, recorded, and subject to audit. Unauthorized access is prohibited and subject to criminal and civil penalties. If you are unauthorized, terminate access now. Click OK to indicate your acceptance of this information
The last sentence of acknowledgement should only be used where the system supports it.
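One way to audit the Linux/Unix setting described above is to check that sshd_config enables a Banner file and that the file carries the approved text. This is an added example, not part of the original article or a UI-provided tool; the function names, return codes and the optional root-prefix argument are assumptions, and the acknowledgement sentence is left out because an SSH banner has no OK button.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the System Use Notification.
# Approved text without the "Click OK" sentence (SSH cannot collect an acknowledgement).
APPROVED='This system is property of the University of Idaho. Use of this system may be monitored, recorded, and subject to audit. Unauthorized access is prohibited and subject to criminal and civil penalties. If you are unauthorized, terminate access now.'

# Print the global Banner value from the sshd_config file given as $1.
# Keywords are case-insensitive and the first value read for a keyword wins.
# Parsing stops at the first Match block, whose settings are conditional.
# Assumption: whitespace-separated "Banner /path" form; Include files are not followed.
banner_path() {
    awk '
        /^[[:space:]]*#/           { next }
        tolower($1) == "match"     { exit }
        tolower($1) == "banner"    { print $2; exit }
    ' "$1"
}

# check_banner CONFIG [ROOT]
# ROOT is an optional prefix so a copied configuration tree can be audited offline.
# Returns 0 compliant, 1 no banner enabled, 2 banner file unreadable, 3 text mismatch.
check_banner() {
    path=$(banner_path "$1")
    case "$path" in
        ''|none) echo "FAIL: no Banner enabled in $1"; return 1 ;;
    esac
    file="${2:-}$path"
    if [ ! -r "$file" ]; then
        echo "FAIL: banner file $file is not readable"; return 2
    fi
    # Collapse line breaks and repeated whitespace so a wrapped banner file still matches.
    text=$(tr -s '[:space:]' ' ' < "$file")
    case "$text" in
        *"$APPROVED"*) echo "OK: $file contains the approved text"; return 0 ;;
        *) echo "FAIL: $file does not contain the approved text"; return 3 ;;
    esac
}

# Run the check only when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_banner "$@"
fi
```

On a live host, `sshd -T` prints the effective configuration, including settings pulled in through Include files, and can be used to confirm the result.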
Resources
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on
https://support.apple.com/en-us/HT202277
https://man7.org/linux/man-pages/man5/sshd_config.5.html