...
Scope:
This policy covers all user, application, system, and network level passwords, including those for web-based applications and production database serversservers. However, it subject to system/application capability.
Effective Date:
1st January 2025
...
Multi-Factor Authentication (MFA): MFA is required (subject to system/application capability) for accessing sensitive systems to add an additional layer of security beyond just passwords.
Security Awareness Training: All users recommended undergo annual security awareness training, which includes recognizing and defending against phishing and social engineering attacks.
Password Policy Audits: Regular Yearly audits will be conducted to ensure compliance with this password policy.
Incident Response: In the event of a suspected password compromise, users must follow the APU's incident response plan to mitigate and report the incident.
...