Keeping passwords unique and secure is of the utmost importance. Passwords should never be easily available or shared.
This policy will govern passwords for core Catalyst resources. Catalyst’s platform password policies are governed by the client and are specific to each instance.
Users are responsible for their passwords. Operators may be responsible for a shared password if applicable.
Single accounts should not be created for the purpose of shared use among employees for any software or system, unless it is due to system configuration constraints. Personal passwords shall not be exchanged between Catalyst users for any resources, and access to any resource under an account other than the current user shall not be permitted.
Account passwords should abide by the following characteristics where possible:
- Passwords should be changed every 90 days.
- Passwords should not be repeated for 10 password change cycles.
- Passwords must be complex: containing a capital letter, lowercase letter, number, and special character (3 of 4 must apply).
- Minimum password character length is 8 characters
Compliance will be maintained by policy where possible.
Violations of the policy will be met with corrective action and carry the possibility of disciplinary action up to, and including, termination.
Exceptions may be present where system limitations require a shared password.
Owner: Security and Compliance Committee
$Date: 2018-12-27 10:39:30 -0700 (Thu, 27 Dec 2018) $
$Revision: 472949 $