Modern password policy examples

["Jim A. Bole" <jbole () STEVENSON EDU>]

x-post from HEISC-GRC listserv:

I'm looking for a good model and discussion around a modern password policy (even the name might be different).

Some specific areas I'm interested in discussing:


-        Policy for small private institution with few regulatory factors

-        Inclusion of passcodes for mobile devices

-        Inclusion of 2FA requirements

-        Inclusion of keys (APIs, etc)

-        Should it be called something different (authentication? Secrets?)

-        Any different requirements for different groups (faculty, staff, IT, etc)

I'll cross post in the general security listserv, but thought I'd give this one a try!

Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu<mailto:jbole () stevenson edu> | O: 443-334-2696



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

<<attachment: winmail.dat>>