Differences

This shows you the differences between two versions of the page.

--- policies:password_policy [2016/07/14 21:06] – peter
+++ policies:password_policy [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 27: / Line 27: @@
     * Authentication of the user prior to changing the password (acceptable forms of authentication include answering a series of specific questions, showing one or more forms of photo ID, etc.).
     * The new password must comply with password strength requirements associated with the data classification for the service in question.
-    * System identity credentials (security tokens, security certificates, smartcards, and other access and identification devices) must be disabled or returned to the appropriate department or entity on demand or upon termination of the relationship with the university.  Additional operating guidelines for ID cards are referenced in the System Identification Card Guidelines and the Data Encryption Guidelines.
+    * System identity credentials (security tokens, security certificates, smartcards, and other access and identification devices) must be disabled or returned to the appropriate department or entity on demand or upon termination of the relationship with the System.  Additional operating guidelines for ID cards are referenced in the System Identification Card Guidelines and the Data Encryption Guidelines.
   * Unattended computing devices must be secured from unauthorized access using a combination of physical and logical security controls commensurate with associated risks.  Physical security controls include barriers such as locked doors or security cables. Logical security controls include screen saver passwords and automatic session time-outs that are set to activate after 15-minutes of inactivity.
 For more information on creating secure "strong" passwords please see the Password Guidelines published by Information Technology Services.