...
Policy Area | Requirements |
|---|---|
Password Strength | Passwords must be at least 12 characters, include a mix of character types, and avoid personal information and common words. |
Password Expiry | Passwords must be changed every 365 days or earlier where applicable. |
Password History | The last 4 passwords cannot be reused. |
Account Lockout | Accounts lock after 5 failed attempts for 30 minutes. |
Unattended Sessions | Workstations lock after 30 minutes of inactivity. |
Minimum Password Age | Users are required to wait at least one (1) day before changing their password. |
Additional Security Measures:
...