Anchor: #i1015976

Section 2: Using Passwords

Anchor: #i1005547

Introduction

This section describes how to improve the use of passwords as an objective of the Security Awareness policy. Improving the effectiveness of passwords provides an individual-based approach to the “Protect” objective of the Texas CyberSecurity Framework.

Anchor: #i1020223

Protocol

Minimum protocols and responsibilities must be in place to effectively create, use, and maintain secure passwords that reduce the risk of unauthorized access. Paramount among these is the confidentiality of all passwords. Individuals who suspect their password has been compromised must first create a new password and then report this suspicion through TxDOTNow.

Categories.TxDOT uses passwords to verify the level of access privileges granted to its network. All account passwords must conform to the standards established for each type of account. TxDOT will use Single Sign-On methods for individual user accounts whenever possible to reduce managing multiple passwords.

Expiration. Passwords must be changed periodically. Default passwords must be changed before accessing TxDOT's network.

Anchor: #i1004118

Responsibilities

All individuals who use TxDOT’s information technology and the data it contains must:

  • use the appropriate password standards for the type of account to allow the correct level of authentication.
  • conform to the password management practice established in the Information Security Program.

NOTE: Use the Exception Request Process to request an exemption to this policy. IF granted, the exemption must be included in the TxDOT Risk Register.

Anchor: #i1105647

Compliance and Standards

See the “Password Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Security Awareness Policy.

Previous page  Next page   Title page