Security Policies and Procedures

C. Account management

A periodic check will be made of all User IDs, and any redundant, dormant or unused IDs will be removed. The ISO must review the privileges set up for User IDs no less than once every year.

D. Application Specific IDs

Application Specific IDs and logins are used in support of automated applications, transactions, processes or batch jobs. These have non-expiring passwords.

1. Application Specific IDs must not be used by individuals.
2. Application Specific IDs must be created only with the approval of the ISO, must be documented and have strictly limited access rights.
3. Application Specific IDs must not have ad hoc or interactive capabilities on the applications, systems, transactions or data involved.

XII. Authentication and Passwords

A. Overview

All systems, applications, databases or other information repositories shall require users to authenticate themselves prior to granting access. Authentication may be via an approved password scheme or via an access control device. All systems that support 2-factor authentication must have it enabled.

The authentication method used must suit the value of the information asset, matching the cost of the authentication method against the level of protection required. In general, administrative and other high-value User or Service IDs will use the most secure methods of authentication.

B. Password format

Passwords must be at least twenty (20) characters in length and must contain characters from all of the following four (4) categories:

1. English uppercase characters (A through Z)
2. English lowercase characters (a through z)
3. Base 10 digits (0 through 9)
4. Non-alphabetic characters (for example,

Rev.2015.8.6