APPENDIX D

Sample Information Assurance Policy for Passwords

This is a sample policy. This password policy is based on one from NASA (www.nccs.nasa.gov/policies/passwd.html).

Password Policy

To remain in compliance with our information assurance policies, passwords on all computing systems must conform to the following standard:

      • A password is set to expire every 60 days. You are required, therefore, to change your password at least once every 60 days. (The 60-day period begins each time you change a password.)

      • A password must be at least 12 characters in length.

      • A password must contain the following:

         • Lowercase characters (a, b, c, and so on)

         • Uppercase characters (A, B, C, and so on)

         • Numerical ...

Get Information Assurance Handbook: Effective Computer Security and Risk Management Strategies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.