


This policy statement addresses NextLabs’ requirements for secure password management.




This policy outlines the requirements for passwords and their usage within NextLabs.  It pertains to regular employees, part-time employees, temporary employees, interns and contractors, including all personnel affiliated with third parties, and anyone, including non-employees, with authorized access to NextLabs IT resources (collectively referred to as “Users”).




NextLabs considers passwords to be a key element of its security program and the first line of defense protecting NextLabs IT resources and information assets.  Good passwords not only protect the system, but also provide a mechanism for validating the identity of the person entering the network/system.


Users should take the necessary steps to safeguard their IDs and passwords.  The sharing of individually assigned computer UserIDs and associated passwords places NextLabs and the sharing Users in jeopardy of potential civil and criminal penalties and is in direct violation of this and other NextLabs security policies.


No User may capture other Users’ IDs or passwords, access unauthorized files, or otherwise compromise network trust or security.  Disabling or circumventing security systems on a User’s system or any place on the NextLabs network undermines IT’s efforts.


If for any reason, in support of administration or troubleshooting, an authorized IT or Help Desk support administrator requests a User’s password for a one-time-only support capability, the User must immediately change the password when the systems support administrator is finished working on the system.  Where possible, the User should stay with the physical system and ensure that sensitive data is not compromised.


Password Management Standards:


· All user-level passwords (e.g., email, web, desktop computer) must be changed at least every ninety (90) days.

· Generally, passwords should not be written down.  In the event passwords must be written down, they should be treated as Confidential NextLabs information.

· Passwords should not be easily guessable: they should not be dictionary words or be based on personal information such as family names or birthdays.

· Passwords for all user IDs assigned for access to NextLabs systems must be a minimum of eight characters in length and must satisfy 3 out of the following 4 conditions:

        · Contains an upper case letter

        · Contains a lower case letter

        · Contains at least 1 numeral

        · Contains at least 1 special character (!@#$%, etc.)


Any User found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.


Effective Date: October 1, 2007

Last revision: None