Common use of User IDs and Password Controls Clause in Contracts

User IDs and Password Controls. All users must be issued a unique user name for accessing DOM data. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password, at maximum within twenty-four (24) hours. User IDs shall be, purged after ninety (90) days of inactivity. Passwords are not to be shared. Passwords must be at least eight (8) characters and must be a non-dictionary word. Passwords must not be stored in readable format on the computer. Passwords must be changed every thirty (30) days. Passwords must conform to the following guidelines: • Passwords must contain at least eight (8) characters. • Passwords must contain a combination of lower case letters, upper case letters, numbers, and at least one (1) symbol. • Minimum password age of 1 day. • Maximum password age of 60 days. • Enforce at least four (4) changed characters when new passwords are created. • Prohibit password reuse for 24 generations. • Passwords must not contain the user ID. • Passwords must not include personal information about the user that can be easily guessed: user’s name, spouse’s name, kid’s name, employee number, social security number, birth date, telephone number, city, etc. • Passwords must not include words from an English dictionary or foreign-language dictionary. • Passwords must not contain any simple pattern of letters or numbers such as “qwertyxx”, “12345678”, or “xyz123xx.” Two Factor Authentication (2FA) is preferred.

User IDs and Password Controls. All users must be issued a unique user name for accessing DOM data. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password, at maximum within twenty-four (24) hours. User IDs shall be, purged after ninety (90) days of inactivity. Passwords are not to be shared. Passwords must be at least eight (8) characters and must be a non-dictionary word. Passwords must not be stored in readable format on the computer. Passwords must be changed every thirty (30) days. Passwords must conform to the following guidelines: •  Passwords must contain at least eight (8) characters. •  Passwords must contain a combination of lower case letters, upper case letters, numbers, and at least one (1) symbol. •  Minimum password age of 1 day. •  Maximum password age of 60 days. •  Enforce at least four (4) changed characters when new passwords are created. •  Prohibit password reuse for 24 generations. •  Passwords must not contain the user ID. •  Passwords must not include personal information about the user that can be easily guessed: user’s name, spouse’s name, kid’s name, employee number, social security number, birth date, telephone number, city, etc. •  Passwords must not include words from an English dictionary or foreign-language dictionary. •  Passwords must not contain any simple pattern of letters or numbers such as “qwertyxx”, “12345678”, or “xyz123xx.” Two Factor Authentication (2FA) is preferred.