Password Management Security Procedure
Password Management Security Procedure
0
Classification: Internal
2.1 Purpose:
2.1.1 Enforce adequate password controls in systems and at the user level.
2.1.2 Protect information and information assets related to the user.
2.1.3 Ensure that only authorized users can access certain information, applications, services and
systems.
2.1.4 Protect the Confidentiality, Integrity and Availability of information, systems, services, and
applications within the HCT network.
2.2 Scope:
The scope of this policy includes all personnel who have or are responsible for an account (or
any form of access that supports or requires a password) on any system that resides at any
HCT facility, has access to the HCT network, or stores any non-public HCT information.
2.3 Policy:
Page 9 of 60
Central Services الخدمات المركزية
PO Box 25026, Abu Dhabi, United Arab Emirates, Tel: +971 2 681 4600, Fax: +971 2 681 5833
Website: www.hct.ac.ae
IT Security Policy v1.0
Classification: Internal
Page 10 of 60
Central Services الخدمات المركزية
PO Box 25026, Abu Dhabi, United Arab Emirates, Tel: +971 2 681 4600, Fax: +971 2 681 5833
Website: www.hct.ac.ae
IT Security Policy v1.0
Classification: Internal
2.3.7.8 User account will be locked out after 10 failed-login attempts for normal users. Privileged user
accounts password will be locked out for 1 day after 5 failed login attempts, which can be
unlocked only by administrator on the same day.
Page 11 of 60
Central Services الخدمات المركزية
PO Box 25026, Abu Dhabi, United Arab Emirates, Tel: +971 2 681 4600, Fax: +971 2 681 5833
Website: www.hct.ac.ae