# System Administration System administration is a core function in ICT implementation, it involves a range of activities from installation, support of servers or computer systems as well as service outage response and other related problems. In this section we are going to focus on user management, general network management utilities, password policies, and IP numbering conventions. Mechanisms by which data stored on every government institution’s owned computing systems and utilized by government employees is defined. # Password Protection - Password should not be written down on paper; - Password should not be sent through email, - Password should not be included in a non-encrypted stored document, - Password should not be revealed over the phone, - Password should not be revealed or hinted on a form on the Internet; - Password should not be “remembered” if the “Remember Password” feature in the application program such as Internet Explorer, Google Chrome, Safari and Mozilla Firefox is used; - Password should not be used on an account over the Internet which does not have a secure login (https); - password should not contain common acronyms; - Password should not have reverse spelling; - Password should not use part of your login name; - and password should not have part of numbers easily remembered such as birthdays, phone numbers, etc. # Email Accounts Official Government of Rwanda (GoR) employees as well as administrative visitors of departments must request for a generic user account to facilitate operations and communications. A request must be made to IT departments. Generic accounts created are not to be linked to a personal account (i.e. gmail, yahoomail, etc.) Email accounts will be vetted so as not to include names that are associated with other departments for example: helpdesk (IT Services);

All email accounts belonging to government institutions must have a domain with a suffix of gov.rw e.g. @risa.gov.rw.

# System access - **Connection to the local area network (LAN):** personal computers that have been out of office shall be automatically updated with the latest antivirus signature file by a server. - **Computers:** users should terminate active sessions or log out of their computers when moving away from the workstation unless they lock the computer in which case they would be required to re-enter the password. Offices, computer rooms and storage facilities should always be locked when unattended. Failure to apply necessary protection for equipment shall constitute neglect and the user may be held liable for the loss. In addition, all users should be responsible for the safety and custodianship of the laptop in the office and outside the office.. - **Standardization of hardware and software:** IT administrators shall standardize computer software and hardware for users based on but not limited to job function, division and the least privilege principle. - **Password requirement:** minimum password recommended length is 8 characters; minimum complexity of password should use lowercase, uppercase, numbers, special characters such as!@#${}:”>?<; passwords should be created keeping the sensitivity in mind; maximum password age should not exceed 60 days; minimum password age is 2 days; a password safe should be used to keep the passwords in a safe. Computers should be locked and enabled when the user is not attending it or there is inactivity. Rules being applied to password should also apply to passphrases that are used for public/private key authentication such as VPN, or any other system. - **Printers and scanners operation:** users shall be required to share printers on the network based on physical proximity and division in order for resources optimization where applicable. IT administrators should ensure that all management interfaces of printers are protected by a password to prevent unauthorized use or configuration. Individuals must take care of efficient management of printing resources by only printing when a paper copy is necessary. Sensitive or classified printed documents shall immediately be removed from the printer after printing to prevent unwanted information disclosures. Only authorized maintenance personnel should carry out printer repairs.