Section 2: Using PasswordsAnchor: #i1005547
This section describes how to improve the use of passwords as an objective of the Security Awareness policy. Improving the effectiveness of passwords provides an individual-based approach to the “Protect” objective of the Texas CyberSecurity Framework.Anchor: #i1020223
Minimum protocols and responsibilities must be in place to effectively create, use, and maintain secure passwords that reduce the risk of unauthorized access. Paramount among these is the confidentiality of all passwords. Individuals who suspect their password has been compromised must first create a new password and then report this suspicion through TxDOTNow.
Categories.TxDOT uses passwords to verify the level of access privileges granted to its network. All account passwords must conform to the standards established for each type of account. TxDOT will use Single Sign-On methods for individual user accounts whenever possible to reduce managing multiple passwords.
Expiration. Passwords must be changed periodically. Default passwords must be changed before accessing TxDOT's network.Anchor: #i1004118
All individuals who use TxDOT’s information technology and the data it contains must:
- use the appropriate password standards for the type of account to allow the correct level of authentication.
- conform to the password management practice established in the Information Security Program.
NOTE: Use the Exception Request Process to request an exemption to this policy. IF granted, the exemption must be included in the TxDOT Risk Register.Anchor: #i1105647
Compliance and Standards
See the “Password Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Security Awareness Policy.