Authentication Mechanism Policy

Version: 1.00Issue Date: 12/16/2014

This Authentication Mechanism Policy is intended to ensure that computing devices used for the organization or on the organizational network implement proper authentication protection.

1.0 Overview

This Authentication Mechanism Policy is an internal IT policy which provides minimum authentication requirements and guidance about what authentication mechanisms can be used on computing devices.

2.0 Purpose

This Authentication Mechanism Policy is required to help ensure the security of computing devices on the network including servers, workstations, handheld devices, routers, firewalls, and switches.

3.0 Scope

This Authentication Mechanism Policy applies to all servers, network devices, network security devices, workstations, handheld devices, and switches which can store confidential data or should be protected from authorized access. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Authentication Mechanism Requirements

Systems should have minimum authentication mechanism requirements listed below.

  • Users shall not share accounts or passwords with other users. All user accounts must be unique.
  • An adequately secure authentication mechanism must exist on all systems covered by this policy. The authentication mechanism must require a login and be secure enough to reasonably protect the type of system it is residing on considering both the security implications of a compromise of the system and the sensitivity of the data both stored on the system and accessed by the system.
  • If there is a failure of the system, users must go through the authentication process again to get back on the system.
  • User account information including account name and password shall not be sent over the network or internet without being encrypted with at least 128 bit encryption.

5.0 Enforcement

Since ensuring proper and secure authentication is important to maintain security and confidentiality of systems and data, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________