Category: Information Technology Title: Electronic Password Procedure Number: RRPR 3-126 Approved: 01/04/2005 Effective: 01/06/2005 Revised: Reference: CCCS IT STANDARDS DOCUMENT NUMBER XX-XX, DATED XX/XX/XX (number and date tbd) Purpose: This procedure sets forth the electronic password security practice that will be enforced for faculty and staff local area network access, and all non-student computer systems. Scope: This procedure applies to all RRCC faculty, staff, and other college authorized persons. This procedure will not apply to computer systems primarily for student use in student computer facilities. Attachment: CCCS IT STANDARDS DOCUMENT NUMBER XX-XX (number tbd). Definitions:
Network and client passwords: Windows username and password.
Computer BIOS password: hardware-level access to computers.
VPN/RAS password: the telecommuting password.
ERP system password: ERP credentials to the production systems.
WWW accounts passwords: credentials to external Web resources (these passwords are rarely changed unless initiated by the user; CCCS IT and RRCC Computer Services may disable the option for these credentials to be saved on local computers).
Security Procedures for creation and maintenance of electronic passwords ARE AS FOLLOWS:
a. Passwords will not be shared with any person or entity other than RRCC Computer Services personnel.
b. Passwords will not be displayed or concealed on or near the users’ workspace.
c. Passwords will not be the user’s name (full or in part), nickname, address, date of birth, username, or any term that can easily be guessed by someone familiar with the user.
d. Passwords will be a minimum of 8 characters.
Passwords will include characters from 3 of the following 4 categories:
i. Uppercase alpha characters (A..Z)
ii. Lowercase alpha characters (a..z)
iii. Base 10 digits (0..9)
iv. Special characters (!, $, #, %, etc.)
Passwords will automatically expire after 60 consecutive days of use.
Passwords will not require a minimum number of days of use.
Passwords will be restricted from re-use for the 15 previous passwords.
Accounts will be locked out or disabled after 4 consecutive failed logon attempts.
Accounts locked out will remain so for at least 20 minutes.
We are in room 1025 at the Lakewood Campus. Our phone is 303.914.6570.