Preaload Image

 

5.2.       User Password Policy

  • All credentials created by the ICT Directorate (at the active directory) must enforce users to change their password at the first log and periodically. 
  • All user credentials that are no longer needed must be deleted or disabled immediately. This includes, but not limited to, the following: 
    • When a user retires, quits, resigns, is dismissed, etc., and
    • Guest accounts no longer needed to perform their duties.  
  • All user-level and system-level passwords must conform to the requirements described below:
    • Passwords mus have a minimum length of eight (8) characters,
    • Passwords must use at least three of the four available character types such as lowercase letters, uppercase letters, numbers, signs, and symbols,
    • Passwords must not contain a dictionary word or proper name and the user name, or parts of the user’s full name such as his/her first name,
    • Passwords must not be transmitted in the clear or plain text outside the secure location,
    • Passwords must not be displayed when entered (must be hidden when entered), and
    • Passwords must be reset for only authorized users.  

 

5.3. Data Backup and Disaster Recovery Policy

5.4. Computer Laboratory Facility Security Policy