Password Management Policy
Purpose
Passwords are the primary form of user authentication used to grant access to Thompson Holdings Incorporated information systems. To ensure that passwords provide as much security as possible, they must be carefully created and used. Without strict usage guidelines, users may create passwords that are easy to break, allowing easier illicit access to Thompson Holdings Incorporated’s information systems and thereby compromising the security of those systems.
Scope
The Password Management Policy applies to all information systems, information components and employees of Thompson Holdings Incorporated, including all temporary or contract workers. To ensure that passwords provide as much security as possible, they must be carefully created and used. Strong and secure passwords are essential for the following:
- Desktops, laptops, smart phones, tablets and other devices that provide distributed computing capabilities.
- Servers, SAN, NAS and other devices that provide centralized computing capabilities.
- Routers, switches and other devices that provide network capabilities.
- Firewalls, IDP sensors and other devices that provide dedicated security capabilities.
- Cloud services, including but not limited to, infrastructure as a service, platform as a service and/or software as a service.
Policy Statements
- Passwords must be constructed according to set length and complexity requirements. As such, passwords must meet the following requirements:
  - 8 characters long
  - At least 1 upper case letter
  - At least 1 numeric
  - At least 1 special character
- Passwords shall NOT contain the following:
  - Email addresses or parts of your email address.
  - First Name or parts of your First Name.
  - Last Name or parts of your Last Name.
  - User Name or parts of your User Name.
  - Parts of the company name, i.e. ThompsonEng.
- Passwords will have both a minimum and maximum lifespan. As such, passwords must be replaced no later than 90 days, and no sooner than 30 days, after they are set.
- Passwords may not be reused any more frequently than every 36 months. Reuse includes the use of the exact same password or the use of the same root password with appended or prepended sequential characters.
- Passwords are to be used and stored in a secure manner. As such, passwords are not to be written down on a sticky note on your monitor or desk or stored electronically on an unsecured device or application.
- Passwords are to be individually owned, are to be kept confidential and are not to be shared under any circumstances.
Non-Compliance
Violations of this policy will be treated like other allegations of wrongdoing at Thompson Holdings Incorporated. Allegations of misconduct will be adjudicated according to established procedures. Sanctions for non-compliance may include, but are not limited to, one or more of the following:
- Disciplinary action according to applicable Thompson Holdings Incorporated policies;
- Termination of employment; and/or
- Legal action according to applicable laws and contractual agreements.
Agreement
I have read and understand the Password Management Policy. I understand that if I violate the rules explained herein, I may face legal or disciplinary action according to applicable laws or company policy.
___________________________________________
Employee Name
___________________________________________ _______________________________________
Employee Signature                          Date