General discussion

  • Creator
    Topic
  • #2081456

    Password Security Access Policy

    Locked

    by williams ·

    I am in the middle of developing a number of security polices, and it so happens that I am working on the Password Security Policy as we speak. Does anyone out there have a completed policy that I may use as a reference for my company. Reply to:
    clayton.williams@us.ul.com

    Thanks for information and the opportuntiy to request help.

All Comments

  • Author
    Replies
    • #3899388

      Password Security Access Policy

      by vanheef ·

      In reply to Password Security Access Policy

      Go to the NIST web site (URL below) and scan down for password usage.

      http://csrc.ncsl.nist.gov/fips/

      You’ll find everything you need right there.

    • #3899293

      Password Security Access Policy

      by al macintyre ·

      In reply to Password Security Access Policy

      I wear many hats & one of them is Master Security Officer … you want to make Security easy enough for people to remember that they will not find it neccessary to write down their passwords … You will need to make sure that upper management is aware of the downsides of policies imposed upon you that conflict with security objectives, such as multiple people in same department using same sign-on with the password being an open secret.

      See if your platform comes with a manual on security issues … I have a great one from IBM that talks about all the different kinds of risks & what to do to block them off.

      I am able to have the system disconnect the physical device a person is trying to sign on from, if they get the wrong password acertain number of tries in a row in a short time period … you certainly do not want to allow infinite retries.

      There are error messages about “invalid user” or “invalid password” that you might want to muck with to block intruders from getting clues.

      There need

    • #3899099

      Password Security Access Policy

      by joy ·

      In reply to Password Security Access Policy

    • #3766958

      Password Security Access Policy

      by shepherr ·

      In reply to Password Security Access Policy

      I have emailed you our current policy which (I feel) is rather complete in setting the user’s responsibilities from the start, and limits them to an acceptable, yet usable, password policy. I make 0 exceptions for this policy, and make sure that the people over me back me up on this issue. Once they make an exception, people will come out of the woodwork with reasons to have an exception.

    • #3745762

      Password Security Access Policy

      by williams ·

      In reply to Password Security Access Policy

      This question was closed by the author

Viewing 4 reply threads