User IDs and Password Controls Sample Clauses
The 'User IDs and Password Controls' clause establishes requirements for the creation, use, and management of user identification credentials within a system or service. Typically, it outlines how users must select secure passwords, the process for issuing unique user IDs, and the responsibilities of users to maintain the confidentiality of their login information. This clause is essential for safeguarding access to sensitive data and systems, helping to prevent unauthorized access and ensuring accountability for actions taken within the system.
POPULAR SAMPLE Copied 1 times
User IDs and Password Controls. All users must be issued a unique user name for accessing DSH PCI. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password. Passwords are not to be shared. Must be at least eight characters. Must be a non-dictionary word. Must not be stored in readable format on the computer. Must be changed every 60 days. Must be changed if revealed or compromised. Must be composed of characters from at least three of the following four groups from the standard keyboard: • Upper case letters (A-Z) • Lower case letters (a-z) • Arabic numerals (0-9) • Non-alphanumeric characters (punctuation symbols)
User IDs and Password Controls. All users must be issued a unique user name for accessing DHCS PHI or PI. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password, at maximum within 24 hours. Passwords are not to be shared. Passwords must be at least eight characters and must be a non-dictionary word. Passwords must not be stored in readable format on the computer. Passwords must be changed every 90 days, preferably every 60 days. Passwords must be changed if revealed or compromised. Passwords must be composed of characters from at least three of the following four groups from the standard keyboard: • Upper case letters (A-Z) • Lower case letters (a-z) • Arabic numerals (0-9) • Non-alphanumeric characters (punctuation symbols)
User IDs and Password Controls. All users must be issued a unique username for accessing County PHI or PI. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password, at maximum within twenty-four
User IDs and Password Controls i. All users must be issued a unique username for accessing PII.
ii. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee within twenty-four (24) hours. Note: Twenty-four (24) hours is defined as one (1) working day.
iii. Passwords are not to be shared.
iv. Passwords must be at least eight (8) characters.
v. Passwords must be a non-dictionary word.
vi. Passwords must not be stored in readable format on the computer or server.
vii. Passwords must be changed every ninety (90) days or less.
viii. Passwords must be changed if revealed or compromised.
ix. Passwords must be composed of characters from at least three (3) of the following four (4) groups from the standard keyboard:
A. Upper case letters (A-Z)
B. Lower case letters (a-z) C. Arabic numerals (0-9)
User IDs and Password Controls. All users must be issued a unique user name for accessing DOM data. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password, at maximum within twenty-four (24) hours. User IDs shall be, purged after ninety (90) days of inactivity. Passwords are not to be shared. Passwords must be at least eight (8) characters and must be a non-dictionary word. Passwords must not be stored in readable format on the computer. Passwords must be changed every thirty (30) days. Passwords must conform to the following guidelines: • Passwords must contain at least eight (8) characters. • Passwords must contain a combination of lower case letters, upper case letters, numbers, and at least one (1) symbol. • Minimum password age of 1 day. • Maximum password age of 60 days. • Enforce at least four (4) changed characters when new passwords are created. • Prohibit password reuse for 24 generations. • Passwords must not contain the user ID. • Passwords must not include personal information about the user that can be easily guessed: user’s name, spouse’s name, kid’s name, employee number, social security number, birth date, telephone number, city, etc. • Passwords must not include words from an English dictionary or foreign-language dictionary. • Passwords must not contain any simple pattern of letters or numbers such as “qwertyxx”, “12345678”, or “xyz123xx.” Two Factor Authentication (2FA) is preferred.
User IDs and Password Controls. 1. All users shall be issued a unique user name for accessing PII.
2. Username shall be promptly disabled, deleted, or the password changed within, at most, twenty-four (24) hours of the transfer or termination of an employee. Note: Twenty-four (24) hours is defined as one (1) working day.
3. Passwords are not to be shared.
4. Passwords shall be at least eight (8) characters.
5. Passwords shall be a non-dictionary word.
6. Passwords shall not be stored in readable format on the computer or server.
7. Passwords shall be changed every ninety (90) days or less. It is recommended that passwords be required to be changed every sixty (60) days or less. Non-expiring passwords are permitted when in full compliance with NIST SP 800-63B Authenticator Assurance Level (AAL) 2.
8. Passwords shall be changed if revealed or compromised.
9. Passwords shall be composed of characters from at least three (3) of the four (4) of the following groups from the standard keyboard:
a. Upper case letters (A-Z)
b. Lower case letters (a-z)
c. Arabic numerals (0-9)
d. Special characters (!,@,#, etc.)
User IDs and Password Controls. All users must be issued a unique username for accessing PHI.
(a) Passwords are not to be share; (b) Must be at least eight (8) characters; (c) Must be a non-dictionary word; (d) Must not be stored in readable format on the computer; (e) Must be changed every sixty (60) days; (f) Must be changed if revealed or compromised;
User IDs and Password Controls i. All users must be issued a unique username for accessing PII.
ii. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee within twenty-four (24) hours. Note: Twenty-four (24) hours is defined as one (1) working day.
iii. Passwords are not to be shared.
iv. Passwords must be at least eight (8) characters.
v. Passwords must be a non-dictionary word.
vi. Passwords must not be stored in readable format on the computer or server.
vii. Passwords must be changed every ninety (90) days or less.
viii. Passwords must be changed if revealed or compromised.
ix. Passwords must be composed of characters from at least three (3) of the following four (4) groups from the standard keyboard: WKW0722 -A1 Page 7 of 18 September 18, 2023 DocuSign Envelope ID: DC0B82C5-AF7E-4998-B860-0DAF084A6DDE
A. Upper case letters (A-Z)
B. Lower case letters (a-z) C. Arabic numerals (0-9)
User IDs and Password Controls. All users must be issued a unique username for accessing CDSS CSP. County’s password policy must be based on information security best practices for password length, complexity, and reuse.
User IDs and Password Controls. All users must be issued a unique user name for accessing DHCS data. Passwords are not to be shared. Must be at least eight characters. Must be a non- dictionary word. Must not be stored in readable format on the computer. Must be changed every 60 days. Must be changed if revealed or compromised. Must be composed of characters from at least three of the following four groups from the standard keyboard: • Upper case letters (A-Z) • Lower case letters (a-z) • Arabic numerals (0-9) • Non-alphanumeric characters (punctuation symbols)