User IDs and Password Controls. All users must be issued a unique user name for accessing DHCS PHI or PI. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password, at maximum within 24 hours. Passwords are not to be shared. Passwords must be at least eight characters and must be a non-dictionary word. Passwords must not be stored in readable format on the computer. Passwords must be changed every 90 days, preferably every 60 days. Passwords must be changed if revealed or compromised. Passwords must be composed of characters from at least three of the following four groups from the standard keyboard: • Upper case letters (A-Z) • Lower case letters (a-z) • Arabic numerals (0-9) • Non-alphanumeric characters (punctuation symbols)
User IDs and Password Controls. All users must be issued a unique user name for accessing Department PHI or PI. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password. Passwords are not to be shared. Passwords must be at least eight characters and must be a non- dictionary word. Passwords must not be stored in readable format on the computer. Passwords must be changed at least every 90 days, preferably every 60 days. Passwords must be changed if revealed or compromised. Passwords must be composed of characters from at least three of the following four groups from the standard keyboard:
User IDs and Password Controls. All users must be issued a unique username for accessing County PHI or PI. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password, at maximum within twenty-four
User IDs and Password Controls i. All users must be issued a unique username for accessing PII.
User IDs and Password Controls. All users must be issued a unique user name for accessing DSH PCI. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password. Passwords are not to be shared. Must be at least eight characters. Must be a non-dictionary word. Must not be stored in readable format on the computer. Must be changed every 60 days. Must be changed if revealed or compromised. Must be composed of characters from at least three of the following four groups from the standard keyboard: • Upper case letters (A-Z) • Lower case letters (a-z) • Arabic numerals (0-9) • Non-alphanumeric characters (punctuation symbols)
User IDs and Password Controls. All users must be issued a unique user name for accessing DHCS PHI or Pl. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password. Passwords are not to be shared. Passwords must be at least eight characters and must be a non-dictionary word. Passwords must not be stored in readable format on the computer. Passwords must be changed at least every 90 days, preferably every 60 days. Passwords must be changed if revealed or compromised. Passwords must be composed of characters from at least three of the following four groups from the standard keyboard:
User IDs and Password Controls. 1. All users must be issued a unique user name for accessing Medi-Cal PII.
User IDs and Password Controls. All users must be issued a unique username for accessing PHI. (a) Passwords are not to be share; (b) Must be at least eight (8) characters; (c) Must be a non-dictionary word; (d) Must not be stored in readable format on the computer; (e) Must be changed every sixty (60) days; (f) Must be changed if revealed or compromised;
User IDs and Password Controls. All users must be issued a unique user name for accessing DOM data. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password, at maximum within twenty-four (24) hours. User IDs shall be, purged after ninety (90) days of inactivity. Passwords are not to be shared. Passwords must be at least eight (8) characters and must be a non-dictionary word. Passwords must not be stored in readable format on the computer. Passwords must be changed every thirty (30) days. Passwords must conform to the following guidelines: • Passwords must contain at least eight (8) characters. • Passwords must contain a combination of lower case letters, upper case letters, numbers, and at least one (1) symbol. • Minimum password age of 1 day. • Maximum password age of 60 days. • Enforce at least four (4) changed characters when new passwords are created. • Prohibit password reuse for 24 generations. • Passwords must not contain the user ID. • Passwords must not include personal information about the user that can be easily guessed: user’s name, spouse’s name, kid’s name, employee number, social security number, birth date, telephone number, city, etc. • Passwords must not include words from an English dictionary or foreign-language dictionary. • Passwords must not contain any simple pattern of letters or numbers such as “qwertyxx”, “12345678”, or “xyz123xx.” Two Factor Authentication (2FA) is preferred.
User IDs and Password Controls. All users must be issued a unique user name for accessing Protected Data. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password. Passwords: are not to be shared; must be at least eight characters; must be a non-dictionary word; must not be stored in readable format on the computer; must be changed every 60 days; must be changed if revealed or compromised and must be composed of characters from at least three of the following four groups from the standard keyboard: • Upper case letters (A-Z); • Lower case letters (a-z); • Arabic numerals (0-9); and • Non-alphanumeric characters (punctuation symbols).
