grp3_password_policy_v3 - Password Policy Overview...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Password Policy Overview Passwords are an important aspect of computer security. They are the front line protection for user accounts. A poorly chosen password may result in the compromise of Scott Hall / Scott Village resident's private, sensitive information. As such, all Scott Hall / Scott Village residents (including contractors and vendors with access to Scott Hall / Scott Village systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. Purpose The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change. Scope The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Scott Hall / Scott Village facility, has access to the Scott Hall / Scott Village network, or stores any non-public Scott Hall / Scott Village information. Policy General All system-level passwords (e.g., root, enable, Windows admin, application administration accounts, etc.) must be changed on at least a quarterly basis. All production system-level passwords must be part of the InfoSec (Information Security) administered global password management database. All user-level passwords (e.g., email, web, desktop computer, etc.) must be changed at least every six months. The recommended change interval is every four months.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
User accounts that have system-level privileges granted through group memberships or programs such as "sudo" must have a unique password from all other accounts held by that user. Passwords must not be inserted into email messages or other forms of electronic communication. Where SNMP is used, the community strings must be defined as something other than the standard defaults of "public," "private" and "system" and must be different from the passwords used to log in interactively. A keyed hash must be used where available (e.g., SNMPv2). All user-level and system-level passwords must conform to the guidelines
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 03/11/2010 for the course MIS 4110 taught by Professor N/a during the Spring '10 term at Uni. Münster.

Page1 / 5

grp3_password_policy_v3 - Password Policy Overview...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online