
Password Management: 1 Objective

This policy establishes standards for creating strong passwords, protecting passwords, and regularly changing passwords. It applies to all Goldstone Technologies systems and user accounts. The policy mandates changing passwords every 30-45 days, using strong passwords with mixed case, numbers and symbols that are at least 8 characters. Passwords must not be shared or stored in plain text. Violations may result in lost system access or disciplinary action.

Uploaded by Bhaskaran Om

-------------------------------------------------------------------------------------------------

Password Management

1 OBJECTIVE

The main objective of this policy is to establish a standard for the creation of strong passwords, the protection of
those passwords, and a systematic frequency of password changes.

2 SCOPE

The scope of this policy covers all personnel who have a user account on Goldstone
Technologies resource systems such as servers, networks, desktops and applications, including customer
resource systems.

3 APPLICABILITY

This policy is applicable to all systems (servers, i.e. OS, network components and applications) and
users of Goldstone.

4 DETAILED POLICY

4.1 General

• All LIVE/Production system-level passwords, at the system (OS), network component and
application levels, must follow the global Password Management policy guidelines.

• All system-level passwords, e.g. root, Administrator, enable password and any default user accounts
(OS, databases and network devices), must be changed once in 30 – 45 days.

• All Administrator-level passwords shall be stored in a fireproof safe cabinet.

• All user-level passwords must be changed once in 30 – 45 days.

• If any user account is created that is equivalent to the Administrator account, its password
should be different from that of the Administrator user account.

• Passwords must not be communicated through mail or any form of electronic communication
such as SMS, and/or written in a notebook, on paper, etc.

• All users, including administrator users, must not use the same or similar passwords as those
used on public systems like Yahoo, Google, etc.

• Passwords should not be in clear text form.

• Users will be authenticated by individual user name and then password, not by groups.

• Password guidelines must be followed to ensure that strong passwords are used in GTL.

4.2 Guidelines for Usage of Strong Password

• Change all default passwords once the system is provided and made available for use.

• Passwords should contain both upper and lower case characters.

• Ensure that passwords contain numbers and special characters, e.g. !@#$%^&

• Passwords must be 8 or more alphanumeric characters long and/or be a passphrase.

4.3 Password Protection

• Passwords should NOT be individual names, common names, organization names, family
member names, popular place names, dictionary words, etc.

• Passwords should NOT have repeated letters, patterns, etc.

• Users shall not share their password with others or reveal it to others under
any circumstances. If they do so, they shall be accountable for the actions taken by the
other party with the password.

• Do NOT reveal your organization passwords to your friends, relatives or colleagues.

• Do NOT reveal your password over the phone to anyone.

• Do NOT reveal your password over email, SMS, chat, etc.

• Do NOT disclose your password in meetings, open forums, etc.

• Do NOT enable the “remember password” option in any application or system.

5 EXCEPTIONS

There are no exceptions to this policy.

6 COMPLIANCE
Violations of this policy or any other GTL policy or regulation may lead to revocation or
limitation of computer and network privileges, as well as other disciplinary actions that may be referred to
the disciplinary committee and appropriate external law enforcement authorities, as applicable.

7 ROLES & RESPONSIBILITIES

Role: Information Security Group
Responsibility:
• Policy Ownership, Development and Maintenance
• Compliance audit & risk reviews

Role: GIM Group
Responsibility:
• Procedure Development and Maintenance
• User Provisioning and De-provisioning
• Access Security Configuration, Implementation and Administration
• Monitoring

8 RELATED DOCUMENTS AND REFERENCES

• Guidelines for user access management

• User Guidelines

• Logical Access Management Policy
