Password Policy

A solid Password Policy is perhaps the most important security control an organization can employ.  Since the responsibility for choosing good passwords often falls to the end users, a detailed and easy-to-understand policy is essential.

This important policy covers minimum acceptable standards for network authentication, including password standards, use, and frequency of change.  The policy also includes user guidelines for creating secure and easy-to-remember passwords.

A Password Policy developed with the EZSecurityPolicy.com application will include the following detailed sections:

1. Overview
2. Purpose
3. Scope
4. Policy
    4.1. Password Construction
    4.2. Confidentiality of Passwords
    4.3. Change Frequency
    4.4. Password Incident Reporting
    4.5. Applicability of Other Policies
5. Enforcement
6. Definitions
7. Revision History

Available in the Bronze, Silver, and Gold Packages, this policy is intended for use by technical staff and management as well as for distribution to end users.

Your custom Password Policy will be delivered via email immediately upon completion of the wizard, as both a PDF and an RTF file.  RTF files are editable in all major word processing programs, including Microsoft Word.

Our security policies were written based on a cohesive and integrated approach using security best practices stemming from the C-I-A triad of confidentiality, integrity, and availability.  This approach aligns with both real-world and industry standard-based objectives, resulting in an invaluable resource for your security policy management.  A Password Policy developed with the EZSecurityPolicy.com wizard will provide the foundation for a realistic, practical implementation of your IT security policy program.

Please contact us if you have any questions about this policy.

EZSecurityPolicy.com has delivered thousands of IT Security Policies to companies from 5 to 50,000 employees.  The management of EZSecurityPolicy.com has over 20 years of successful experience in the field of information security.