At a recent meeting of the Standards Review and Interpretation Committee (SRIC) the committee directed staff to post for client comments the following proposed standard revision. Please post your comments prior to Friday September 3rd, 2021.
6.8.7(M M M) Records or Informational System Password Access
The agency has a written directive regarding the computer, record or information systems, either internal or external, that require password access and addresses:
- password construction;
password changes at a minimum of every 90 days; and
- password access termination when employment status or position changes.
A good practice is to have passwords of at least eight characters including at least one upper case, one lower case, one alpha, and one numeric. (M M M)