Password Standard. Suzanne Baker Version Effective Date 7/12/2013 Last Updated 7/12/2013


Password Standard

Responsible Parties

Prepared By: Suzanne Baker
Document Version Number: Version 1.1
Phone Number: 314-977-4185
Effective Date: 7/12/2013
Last Updated: 7/12/2013
Department(s) Responsible: ITGS:IT Governance Services
Name of Responsible Department Person: Suzanne Baker
Group(s) Responsible: ITGS:IT Compliance Services
Name of Responsible Group Person: Suzanne Baker
Approved By: IT Governance Committee
Date of Approval: 7/12/2013
Date of Last Review: 6/13/2013
Date of Next Review: 6/13/2014

Audience

This document applies to all Saint Louis University (SLU) departments and the ITS Division. This standard will be published on the ITS website.

Responsibilities

Executive Sponsor: Chief Information Officer
Key Stakeholders: ITS Division, ITGS:IT Governance Services, ITGS:IT Compliance Services, Information Security
Document Management: The department director is responsible for ensuring the publication, notification, and maintenance of this document, as well as approving all major revisions to this standard.
Implementers: IT Governance Services is responsible for ensuring that the requirements in this document are implemented.

Table of Contents

- Revision History
- Scope
- Purpose
- Standard
- Affected Applications
- Other Documents Referenced
- Questions About This Standard
- Approval and Amendments

Revision History

Version Number* 1.0 Prepared By Description of Changes Date of Approval Approved By Suzanne Baker 1.1 5/10/2013

*Minor revisions should be indicated by changing the minor number (i.e. 1.3 to 1.4 would indicate a minor revision). Minor revisions include, but are not limited to, changes in verbiage or minor procedure changes that do not require the standard to be rerouted through the approval process.

*Major revisions should be indicated by changing the major number (i.e. 1.4 to 2.0 would indicate a major revision). Major revisions include significant content changes that require the standard to be rerouted through the approval process.

Scope

This standard applies to the Information Technology Services division (ITS) and SLU Divisions that support and perform IT functions, including but not limited to distributed IT functions, and all Saint Louis University Information Technology Resources.

Purpose

The purpose of this standard is to take one of the first steps to help ensure compliance and security with Saint Louis University accounts and access to SLU Information Technology Resources that include data, software, hardware, networks, IT Systems, databases and removable media.

Standard

User Account Standard

Passwords must follow a few rules:

- At least 8 characters long
- At least 1 lowercase letter, 1 uppercase letter, and 1 number
- Cannot contain the following phrases: password, test, welcome, username, your first or last name
- Can only contain the following special characters: #, $, %, ?, *, ^
- Cannot be a previously used password

Technical Standards

- Passwords must be stored or transmitted in an encrypted format
- Access to password.slu.edu will be disabled after five consecutive unsuccessful logins
- Passwords must be changed every six months
- For Payment Card Industry applications, passwords must be changed every 90 days

System Administrator Account Standard

System administrator passwords include passwords for servers, desktops, applications, and networks.

System administrator accounts need to follow the National Institute of Standards and Technology controls, which are listed below:

- At least 8 characters long
- At least 1 lowercase letter, 1 uppercase letter, and 1 number
- Cannot contain the following phrases: password, test, welcome, username, your first or last name
- Can only contain the special characters that are allowed by each specific system
- Cannot be a previously used password

Technical Standards

- Passwords must be stored or transmitted in an encrypted format
- Access to password.slu.edu will be disabled after five consecutive unsuccessful logins
- Passwords must be changed every six months
- For Payment Card Industry applications, passwords must be changed every 90 days
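The User Account Standard composition rules listed earlier can be enforced at password-change time with a check like the following. This is an added example, not code from Saint Louis University or from the standard itself. The function names, the PBKDF2 history format, the case-insensitive substring matching, and the reading of "username" as the account's own login name are assumptions.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8
ALLOWED_SPECIALS = "#$%?*^"                      # the only specials the standard permits
BANNED_PHRASES = ("password", "test", "welcome")
PBKDF2_ROUNDS = 200_000                          # assumed work factor, not from the standard

def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 digest used for the history comparison."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

def make_history(old_passwords):
    """Build a (salt, digest) history so old passwords are never kept in clear text."""
    history = []
    for old in old_passwords:
        salt = os.urandom(16)
        history.append((salt, hash_password(old, salt)))
    return history

def check_password(password, username, first_name, last_name, history):
    """Return the list of violated rules; an empty list means the password complies."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not re.search(r"[a-z]", password):
        problems.append("lowercase")
    if not re.search(r"[A-Z]", password):
        problems.append("uppercase")
    if not re.search(r"[0-9]", password):
        problems.append("number")
    # Any character that is not an ASCII letter or digit must be an allowed special.
    if any(not (c.isascii() and c.isalnum()) and c not in ALLOWED_SPECIALS for c in password):
        problems.append("special")
    # Assumption: phrases match case-insensitively anywhere in the password.
    personal = tuple(v.lower() for v in (username, first_name, last_name) if v)
    if any(phrase in password.lower() for phrase in BANNED_PHRASES + personal):
        problems.append("phrase")
    if any(hmac.compare_digest(hash_password(password, salt), digest)
           for salt, digest in history):
        problems.append("reused")
    return problems

# Constructed sample account and history, for illustration only.
SAMPLE_HISTORY = make_history(["Old#Kite2012"])
if __name__ == "__main__":
    for candidate in ("Blue$Kite47", "Welcome1!", "Old#Kite2012", "janedoe"):
        print(candidate, check_password(candidate, "jdoe", "Jane", "Doe", SAMPLE_HISTORY))
```

For system administrator accounts, `ALLOWED_SPECIALS` would be set per system, since that part of the standard defers to what each system allows.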

Special Regulatory Controls Standard

Some systems will require additional controls and standards around passwords due to specific regulations that Saint Louis University must meet. If your system is required to meet the Federal Information Security Management Act (FISMA), please contact IT Governance for specific standards.

Exceptions to the Standard

Exceptions to this password standard can be made in the event the system (application) cannot support the password requirements. System administrators must inform IT Governance of exceptions so that they can be noted as a risk.

Affected Applications

Application Name: All Systems that require passwords
Version:
Business Owner:

Other Documents Referenced

Columns: Document Number, Document Name, Online Location

- Review current ITS Policies/Standards/Processes
- Review current ITS Procedures

Questions About This Standard

If you have questions about this standard, please contact the director of the department responsible for authoring this document as listed above.

Approval and Amendments

Changes to this standard may be necessary from time to time. At a minimum, this standard will be reviewed and approved annually. All changes to this standard will go through the published revision and approval process. This standard, including a record of all changes, will be maintained by the department responsible for authoring this document as listed above.