Any suspected compromise of a pass-phrase must be reported in accordance with the University Incident Management Procedure. All pass-phrases used to access computing devices that connect to the UNC- Chapel Hill network or holding University Sensitive Information must meet the specific minimum requirements described in this Standard and must be traceable to individual users.
NOTE: Contractors, vendors and others managing UNC-Chapel Hill systems are considered “Constituents.” StandardĪll UNC-Chapel Hill individual user, administrator, and system accounts are required to use a password/pass-phrase and/or other authentication method(s) in accordance with this Standard. This Standard applies to all University Constituents.Ĭonstituents who fulfill the duties of system or application administrators or other privileged technology roles have elevated responsibilities under this Standard. Best practice guidance may also exceed these minimum requirements. Group, unit, or departmental standards, or specific system security requirements may impose more stringent or additional requirements than the minimum set forth here. The Information Security Office (ISO) provides training, security awareness events and activities, and other information to assist you Users are encouraged to use strong pass-phrases and additional authentication methods above and beyond these minimum requirements. NOTE: These requirements must be met even if a system does not enforce the requirements with technical controls (users must select pass-phrases meeting or exceeding these standards even when a system would allow a weaker pass-phrase). Any suspected compromise of a pass-phrase must be reported immediately in compliance with the Policy on Incident Management. All authentication methods used to access computing systems that connect to the University network or contain University data must meet the specific minimum requirements described below and must be traceable to individual users. In accordance with the Information Security Policy this document sets forth password/pass-phrase requirements for all UNC-Chapel Hill individual user accounts, administrator accounts, and system accounts. Adherence to this Standard is essential to protect University Information and systems The failure to protect information through the use of strong passwords/pass-phrases and additional authentication methods may result in incidents that expose sensitive information and/or impact mission-critical UNC-Chapel Hill services.
Frequently, access to such information is controlled through the use of passwords, pass-phrases, and other authentication methods. Many information security incidents result from unauthorized access to information stored on computers.
University of North Carolina at Chapel Hill Standard on Passwords, Pass-phrases, and Other Authentication Methods Introduction Purpose
0 kommentar(er)
