User Identification. 33.11.6.1 Access to each Party’s corporate resources will be based on identifying and authenticating individual users in order to maintain clear and personal accountability for each user’s actions. 33.11.6.2 User identification shall be accomplished by the assignment of a unique, permanent userid, and each userid shall have an associated identification number for security purposes. 33.11.6.3 Userids will be revalidated on a monthly basis. 33.11.7 User Authentication. 33.11.7.1 Users will usually be authenticated by use of a password. Strong authentication methods (e.g. one time passwords, digital signatures, etc.) may be required in the future. 33.11.7.2 Passwords must not be stored in script files. 33.11.7.3 Passwords must be entered by the user in real time. 33.11.7.4 Passwords must be at least 6-8 characters in length, not blank or a repeat of the userid; contain at least one letter, and at least one number or special character must be in a position other than the first or last one. This format will ensure that the password is hard to guess. Most systems are capable of being configured to automatically enforce these requirements. Where a system does not mechanically require this format, the users must manually follow the format. 33.11.7.5 Systems will require users to change their passwords regularly (usually every 31 days). 33.11.7.6 Systems are to be configured to prevent users from reusing the same password for 6 changes/months. 33.11.7.7 Personal passwords must not be shared. A user who has shared his password is responsible for any use made of the password.
Appears in 3 contracts
Sources: Interconnection Agreement, Interconnection Agreement, Interconnection Agreement