Password Policy

This password policy establishes standards for creating strong passwords, protecting passwords, and changing passwords regularly. It requires all system-level passwords to be changed quarterly, user-level passwords changed every six months, and passwords to contain a mix of upper and lowercase letters, numbers, and symbols. The policy prohibits writing down or sharing passwords, and monitors password usage and messages to ensure compliance.

Uploaded by

Bruno Guimarães

Password Policy

Objective

The objective of this policy is to establish a standard for creation of strong passwords,
the protection of those passwords, and the frequency of change. The scope of this
policy includes all personnel who have, or are responsible for any form of access that
supports or requires a password on any system that resides on resources owned by
this company, or resources acquired from customers or third-party suppliers of this
company.

Controls

Procedures
Passwords must be changed on a regular and consistent basis as defined herein:
All system-level passwords (e.g., root, enable, NT admin, application administration
accounts, accounts tied to financial accounts of the company, etc.) must be changed
on at least a quarterly basis.
All user-level passwords (e.g., email, web, desktop computer, etc.) must be changed at
least every six months.
User accounts that have system-level privileges granted through group memberships
or programs must have a password that is unique from all other accounts held by that
user, including personal passwords used by that user for access to personal, non-work or
business-related accounts.
Passwords must not be inserted into email, text, SLS or any other message type or
other form of electronic communication.
All user-level and system-level passwords must conform to the following
characteristics:
Contain both upper and lower case characters (e.g., a-z, A-Z)
Have digits and punctuation characters as well as letters (e.g., 0-9,
!@#$%^&*()_+|~=`{}[]:";'<>?,./)
Be at least fifteen alphanumeric characters long and be a passphrase
Not words in any language, slang, dialect, jargon, etc.
Not based on personal information, names of family, etc.

Passwords should never be written down or stored on-line. Try to create passwords
that can be easily remembered. One way to do this is to create a password based on a
song title, affirmation, or other phrase.
Do not use the same password for Company accounts as for non-Company access such
as a personal ISP account, banking, and utility or shopping accounts.
Do not share Company passwords with anyone. To reinforce this statement, do not
share any password with administrative assistants or secretaries, supervisory-level
persons, or family members.
You are responsible for the protection of Company-owned sensitive information and
may be legally responsible for protection of such information as well as any intellectual
property of the Company.

Monitoring

The Company will periodically monitor password usage, including all change activity.
The Company will periodically scan all mail and messages for unauthorized usages.
Any employee found to have violated this policy may be subject to disciplinary action,
up to and including termination of employment.