Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Password Standard at CSULB for all applications that access level 1 and/or level 2 data are NIST level 2 compliant.  In addition to composition rules defined above, the following criteria illustrate the NIST level 2 threshold settings.
Image Removed
 

NIST Criteria

Criteria Composition

Measure

All User Accounts

Password Minimum Length

10

Password Lifetime (in days)

365

Dictionary Check

FALSE

Password Composition Rules

TRUE

Number of Failed Authentications before Acct Lock

5

Account Lock Duration (in minutes)

330

NIST Password Threshold Level

2

figure 1:  NIST Password Standard

 

Password Change Frequency

System

Employees

Students

Common Financial System

annual

n/a

Oracle HCM (HR/SA) administrative system

annual

n/a

BeachID/campus LDAP, AD-based systems

annual

annual

figure 2:  Password Change Frequency