Policy Name: Password Policy
Policy Purpose: The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of password changes.
Scope: The scope of this policy includes: 1) All personnel who are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Pittsburg State University facility
2) All individuals who have access to the PSU network, and
3) All systems (where enforcement is possible) that store any non-public PSU information.
General Policy Provisions
Passwords are an essential aspect of computer security, providing important front-line protection for electronic resources by preventing unauthorized access. Passwords help the University limit unauthorized or inappropriate access to various resources at PSU, including user-level accounts, web accounts, email accounts, screen saver protection, and local switch logins.
A poorly chosen password may result in the compromise of University systems, data, or network. Therefore, ALL PSU students, faculty, and staff are responsible for taking the appropriate steps, as outlined below, to select appropriate passwords and protect them. Contractors, vendors, and affiliated organizations with access to University systems also are expected to observe these requirements.
A department and/or system administrator may implement a more restrictive policy on local systems where deemed appropriate or necessary for the security of electronic information resources. The Office of Information Services (OIS) can require a more restrictive policy in protection of confidential data.
Passwords created by users of University systems, and on systems where technology makes enforcement possible, must conform to the following guidelines:
These provisions will be enforced electronically whenever possible.
Group accounts are ID’s and passwords that are shared between a specific group of people. Group accounts are strongly discouraged and only allowed when other alternatives are not feasible. When group accounts are necessary, then strong account protection is required. The following OIS mandated protections apply:
Reporting Password Compromises
Suspected compromises of passwords must be reported immediately to the IT Security Officer, extension 4657, ITSecurity@pittsate.edu ; or the Gorilla Geeks, extension 4600, email@example.com.
The password in question should be changed immediately.
Any individual who violates this policy may lose computer and/or network access privileges and may be subject to remediation and/or disciplinary action in accordance with and subject to appropriate University policy and procedures.
Responsible Office: Office of Information Services
Approved by Information Technology Council: March 14, 2013
Signed by President Steve Scott:
Effective: January 1, 2006
Review Cycle: Annual