Educause Security Discussion mailing list archives
Password Management Policy & Standards
From: Carlos Lobato <clobato () NMSU EDU>
Date: Fri, 26 Feb 2016 15:34:15 +0000
All, I highly appreciate the discussion regarding this topic and would highly appreciate to hear from you more on the specifics of how are you addressing the frequency of changing passwords? Additionally, if you are changing your passwords, is this requirement applicable to all types of accounts including service accounts, highly privileged accounts, student accounts, ect.? If you are not changing your passwords at all, please let me know as well as including your reasoning. Carlos From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Carlos Lobato Sent: Wednesday, February 24, 2016 5:19 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Password Management Policy & Standards Hello Colleagues, I'm working on promoting institutional compliance with our current password policy, which requires regular password changes every 120 days for all accounts. However, I would like to know if some of you have created a table or matrix listing all of your type of accounts and if password expiration dates vary depending on the type of account, which would be based on risk. If you have a listing, I would highly appreciate a link or a copy to your document. I am using various resources including the NIST SP 800-118 and I can share with the group after I finish my analysis and potentially re-write our current NMSU password policy to make more realistic. Thank you so much for any input that you may have. Carlos, Carlos S. Lobato, CISA, CISSP, CPA IT Compliance Officer New Mexico State University Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003 Phone (575) 646-5902 Fax (575) 646-5278
Current thread:
- Re: Password Management Policy & Standards, (continued)
- Re: Password Management Policy & Standards Joanna Grama (Feb 25)
- Re: Password Management Policy & Standards Mark I. Berman (Feb 26)
- Re: Password Management Policy & Standards Bradner, Scott (Feb 26)
- Re: Password Management Policy & Standards Brad Judy (Feb 26)
- Re: Password Management Policy & Standards David Sheryn (Feb 26)
- Re: Password Management Policy & Standards Mark Borrie (Feb 28)
- Re: Password Management Policy & Standards Joanna Grama (Feb 26)
- Re: Password Management Policy & Standards Brad Judy (Feb 26)
- Re: Password Management Policy & Standards McClenon, Brady (Feb 26)
- Re: Password Management Policy & Standards David Sheryn (Feb 26)
- Re: Password Management Policy & Standards Bradner, Scott (Feb 26)
- Re: Password Management Policy & Standards Kevin Reedy (Feb 26)
- Re: Password Management Policy & Standards Frank Barton (Feb 26)
- Re: Password Management Policy & Standards Dan Sarazen (Feb 26)
- Re: Password Management Policy & Standards Frank Barton (Feb 26)
- Re: Password Management Policy & Standards Kevin Reedy (Feb 26)
- Re: Password Management Policy & Standards Thomas Carter (Feb 26)
- Re: Password Management Policy & Standards Jones, Mark B (Feb 26)
- Re: Password Management Policy & Standards Thomas Carter (Feb 26)
- Re: Password Management Policy & Standards Jones, Mark B (Feb 26)