Purpose:
To ensure the security of systems passwords
Statement:
All systems passwords will be stored in a central encrypted location. Access to this directory is restricted to the college's Chief Information Officer and the Chief Security Officer.
Description:
All systems passwords that are not tied to a user's active directory credentials will be stored in a central encrypted location.
- Access to this directory is restricted to the college's Chief Information Officer and the Chief Security Officer.
- System passwords are made available to relevant staff only through the approval of the college's Chief Information Officer or the Chief Security Officer.
- All systems passwords will be expired every 90 days, effective May 1, 2009.
- The College's Chief Security Officer will maintain a directory of authorized personal who have access to specific systems passwords. This directory will be reviewed every thirty days and also in the event of a personnel action.
- The dissemination of systems passwords to outside agencies and third party vendors is prohibited without the written permission of the college's Chief Information Officer or the Chief Security Officer.
- Outside agencies and third party vendors who do require systems passwords will be assigned a unique login account. The passwords associated with these accounts will expire every thirty days or on termination of any contractual agreement.
Additional Information:
Approved By: Don Vescio
Date of Origination: 2/9/2008
|
Last modified at 7/2/2009 7:55 PM by Vescio, Donald
|
|