Educause Security Discussion mailing list archives

Re: Password reset/expiration policies


From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Wed, 8 Feb 2012 16:04:38 -0500

We do 180 days as we could not get 90 days vetted.  We know that PCI requires 90 but feel that we have adequate 
additional controls in place to justify 180.

- Kevin


Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP
Chief Information Security Officer (CISO) and Assistant Vice President
Administration and Finance
University of Cincinnati

513-556-9177
TEWG-Region 6 TLO

The University of Cincinnati is one of America's top public research institutions and the region's largest employer, 
with a student population of more than 41,000.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger A 
Safian
Sent: Wednesday, February 08, 2012 4:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password reset/expiration policies

Enforced, everyone is the same, once per year.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Louis 
APONTE
Sent: Wednesday, February 08, 2012 2:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password reset/expiration policies

Hi

How often do you force password changes at your institutions for central credentials?  Do you have different policies 
for different groups?  Are they enforced by technology or just "suggested best practices"?

Louis Aponte
Weber State University
Ogden, Utah
Desktop Security

