36 Miss. Code. R. 1-11.4
Each agency must instruct their users to follow these guidelines for the purpose of protecting passwords:
A. Passwords must not be disclosed to anyone
except in emergency circumstances or when there is an overriding operational
necessity.
B. Hard copies of
passwords (i.e. printed out or written down) should be considered
sensitive.
C. Passwords must not be
sent in clear text over the network. Secure Shell (SSH) and HTTPS must replace
Telnet and HTTP for authentication.
D. Passwords must be unique per
user.
E. The password change
interval is a maximum of ninety (90) days; however, ITS recommends that
agencies consider using a 30 or 60 day interval depending on the classification
of their data. Password reuse should be minimized or prohibited.
F. Default passwords must be
changed.
G. Passwords must be
required on all user accounts.
H.
Passwords suspected to be stolen or cracked must be changed immediately and
notification must be given to the user's supervisor and system
administrator.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.