Password Policy

SANS ( provides a wide range of security policies freely available on its website. These policies are based on these publicly available policies. You should visit SANS and use discussions in this chapter to spark your ideas. Granite Systems ( based these policies on those recommended by SANS and allowed me to present them here.

In this policy, the company’s IT security department is known simply as the Corporate Security Team for Granite Systems. Granite Systems and other Granite Systems–specific departments will appear in italics throughout the policy; if you want to reuse this policy, you can replace these designations with your own.


Passwords are a crucial aspect of computer security. ...

Get Network Security First-Step, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.