General discussion

Locked

Password Security Access Policy

By williams ·
I am in the middle of developing a number of security polices, and it so happens that I am working on the Password Security Policy as we speak. Does anyone out there have a completed policy that I may use as a reference for my company. Reply to:
clayton.williams@us.ul.com

Thanks for information and the opportuntiy to request help.

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Password Security Access Policy

by vanheef In reply to Password Security Access ...

Go to the NIST web site (URL below) and scan down for password usage.

http://csrc.ncsl.nist.gov/fips/

You'll find everything you need right there.

Collapse -

Password Security Access Policy

by williams In reply to Password Security Access ...

Poster rated this answer

Collapse -

Password Security Access Policy

by Al Macintyre In reply to Password Security Access ...

I wear many hats & one of them is Master Security Officer ... you want to make Security easy enough for people to remember that they will not find it neccessary to write down their passwords ... You will need to make sure that upper management is aware of the downsides of policies imposed upon you that conflict with security objectives, such as multiple people in same department using same sign-on with the password being an open secret.

See if your platform comes with a manual on security issues ... I have a great one from IBM that talks about all the different kinds of risks & what to do to block them off.

I am able to have the system disconnect the physical device a person is trying to sign on from, if they get the wrong password acertain number of tries in a row in a short time period ... you certainly do not want to allow infinite retries.

There are error messages about "invalid user" or "invalid password" that you might want to muck with to block intruders from getting clues.

There need

Collapse -

Password Security Access Policy

by williams In reply to Password Security Access ...

Poster rated this answer

Collapse -

Password Security Access Policy

by williams In reply to Password Security Access ...

Poster rated this answer

Collapse -

Password Security Access Policy

by shepherr In reply to Password Security Access ...

I have emailed you our current policy which (I feel) is rather complete in setting the user's responsibilities from the start, and limits them to an acceptable, yet usable, password policy. I make 0 exceptions for this policy, and make sure that the people over me back me up on this issue. Once they make an exception, people will come out of the woodwork with reasons to have an exception.

Collapse -

Password Security Access Policy

by williams In reply to Password Security Access ...

Poster rated this answer

Collapse -

Password Security Access Policy

by williams In reply to Password Security Access ...

This question was closed by the author

Back to Security Forum
9 total posts (Page 1 of 1)  

Security Forums