Add to collection(s) Add to saved
  1. Business
  2. Accounting

NID Password Change Frequency

advertisement 
NID Password Change Frequency
PIC Submission dated 7/10/13
University Audit and Finance & Accounting Tax
Summary
• As UCF implements shibboleth, the need for
different log-ins and passwords will be
reduced.
• The myUCF Federated Identity login system
has allowed for ARGIS, PARIS, AURORA, TERA,
COI and interlibrary loan to be accessed via a
single-sign in.
• UCF uses best-practices for its password
requirements.
Reason for Password Changes
• to reduce the risk that passwords may be
discovered by unauthorized users who may
gain access to the University’s critical
information.
• The risk increases with the length of time
between password changes
Basis for the 60 Day Interval
• UCF Policy 4-008 Data Classification and
Protection requires “passwords on systems
holding confidential data must be changed every
60 days or less”
• CS&T University Standards 501-101 Password
Standards recommends that systems “observe
these requirements via technical controls (e.g.
password expiration controls) so that all
university affiliated account passwords follow this
policy.”
Basis for the 60 Day Interval
• In a State Audit of CS&T completed in 2011,
the Auditor General recommended the 60
day frequency for “general user accounts for
critical or sensitive applications”.
Regulatory Requirements
• Federal regulations (HIPPA Security Rule/ HiTech Act
Section 164.308 (a)(5)(ii)(D) ) require only that
passwords be changed and do not stipulate an interval.
• Board of Governors Regulation 3.0075 Security of Data
and Related Information Technology Resources, (3)
states “the university’s security plan should be “based
on best practices acquired from resources such as:
Educause, National Institute of Standards (NIST),
Information Systems Audit and Control Association
(ISACA) or other recognized sources of information
security practices and procedures.”
Industry Best Practices
• NIST Standards / FISMA Provision Section
15.1.6 suggests that passwords are changed at
least every ninety days.
• ISO 17799_2005 Standards Section 11.3.1
Password Use, also only suggest that
passwords be changed at regular intervals,
and avoid re-using or cycling old passwords.
Impact of Single Sign On
• The CS&T university wide initiative toward a
single login credential using Shibboleth Federated
Identity software allows users to sign in to the
portal and transfer to other applications without
having to sign in again.
• The progression of this initiative will help to
mitigate inefficiencies associated with more
restrictive password change frequency
requirements.
Summation
• The current password change frequency is set
at a 60 day interval to comply with an Auditor
General recommendation, reduce risk of
unauthorized users, and follow best practice.
Action Plan
• To address community concerns, CS&T could
clarify purpose for password changes and
associated risk in university standards
documentation.
Related documents
Password-Based Football
Password-Based Football
How to start Whitepins - AMAS-Team
How to start Whitepins - AMAS-Team
Slide 1
Slide 1
password - Department of Computer Science
password - Department of Computer Science
windowsAuthentication
windowsAuthentication
Password_security_terminology_research_task_brenna
Password_security_terminology_research_task_brenna
Open_Source_InfoSec - Open Source Club at Ohio State
Open_Source_InfoSec - Open Source Club at Ohio State
Age Category Common Sense Media Unit Resources Curriculum
Age Category Common Sense Media Unit Resources Curriculum
Edlio PowerPoint - Hemet Unified School District
Edlio PowerPoint - Hemet Unified School District
St. Ambrose Information Resources
St. Ambrose Information Resources
Log on to flinders.edu.au/setup 2. Enter your FAN & Password
Log on to flinders.edu.au/setup 2. Enter your FAN & Password
Homework 3 Solutions
Homework 3 Solutions
PASSWORD GUIDELINES
PASSWORD GUIDELINES
A Study of various combinations of password rule parameters v3
A Study of various combinations of password rule parameters v3
tutorial sheet 06_an..
tutorial sheet 06_an..
CS 433
CS 433
here
here
Password Regulation - Edmonton Catholic Schools
Password Regulation - Edmonton Catholic Schools
Internet Usage Policy
Internet Usage Policy
Fellow Talk - Simons Institute for the Theory of Computing
Fellow Talk - Simons Institute for the Theory of Computing
Security
Security
Network Security - PCA Task 1
Network Security - PCA Task 1
Download
advertisement