User IDs and Password Controls. 1. All users shall be issued a unique user name for accessing PII. 2. Username shall be promptly disabled, deleted, or the password changed within, at most, twenty-four (24) hours of the transfer or termination of an employee. Note: Twenty-four (24) hours is defined as one (1) working day. 3. Passwords are not to be shared. 4. Passwords shall be at least eight (8) characters. 5. Passwords shall be a non-dictionary word. 6. Passwords shall not be stored in readable format on the computer or server. 7. Passwords shall be changed every ninety (90) days or less. It is recommended that passwords be required to be changed every sixty (60) days or less. Non-expiring passwords are permitted when in full compliance with NIST SP 800-63B Authenticator Assurance Level (AAL) 2. 8. Passwords shall be changed if revealed or compromised. 9. Passwords shall be composed of characters from at least three (3) of the four (4) of the following groups from the standard keyboard: a. Upper case letters (A-Z) b. Lower case letters (a-z) c. Arabic numerals (0-9) d. Special characters (!,@,#, etc.)
Appears in 3 contracts
Sources: Data Privacy & Security, Data Sharing Agreement, Privacy and Security Agreement
User IDs and Password Controls. 1. All users shall be issued a unique user name for accessing PII.
2. Username shall be promptly p romptly disabled, deleted, or the password passwo rd changed within, at most, twenty-four (24) hours of the transfer or termination of an employee. NoteNote : Twenty-four (24) hours hou rs is defined as one (1) working day.
3. Passwords are not to be shared.
4. Passwords shall be at least eight (8) characters.
5. Passwords shall be a non-dictionary word.
6. Passwords shall not be stored in readable format on the computer or server.
7. Passwords shall be changed every ninety (90) days or less. It is recommended that passwords be required to be changed every sixty (60) days or less. Non-expiring passwords are permitted pe rmitted when in full compliance with NIST N 1 ST SP 800-63B 638 Authenticator Assurance Level (AAL) 2.
8. Passwords shall be changed if revealed or compromised.. v201 9 06 24 MOU-1 e9-7004
9. Passwords shall be composed of characters from at least three th ree (3) of the four (4) of the following groups g roups from the standard keyboardkeyboard :
a. Upper case letters (A-Z)
b. ) Lower case letters (a-z)
c. Arabic numerals (0-9)
d. Special characters (!,@,#, etc.)
Appears in 2 contracts
Sources: Privacy and Security Agreement, Privacy and Security Agreement
User IDs and Password Controls. 1. All users shall mustshall be issued a unique user name for accessing Medi-Cal PII.
2. Username mustUsernames shall be promptly disabled, deleted, or the password changed withinuponwithin, at most, twenty-four (24) 24 hours of the transfer or termination of an employee. Note: Twenty-four (24) hours is defined as one (1) working day, at maximum within 24 hours.
3. Passwords are not to be shared.
4. Passwords shall mustshall be at least eight (8) characters.
5. Passwords shall mustshall be a non-dictionary word.
6. Passwords shall mustshall not be stored in readable format on the computer or server.
7. Passwords shall mustshall be changed every ninety (90) 90 days or less. It is recommended that passwords be required to be changed every sixty (60) 60 days or less. Non-expiring passwords are permitted when in full compliance with NIST SP 800-63B Authenticator Assurance Level (AAL) 2.
8. Passwords shall mustshall be changed if revealed or compromised.
9. Passwords shall mustshall be composed of characters from at least three (3) of the four (4) of the following four groups from the standard keyboard:
a. Upper case letters (A-Z)
b. Lower case letters (a-z)
) c. Arabic numerals (0-9)
d. Special characters (!,@,#, etc.)characters
Appears in 1 contract