SA11: Server operators must not knowingly permit shared user account credentials, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).
Server operators must not knowingly set up accounts that will be shared by multiple users unless there is a process by which the individual users can be identified. The use of “sudo” or “runas” meets this how-to.