Administrative Regulations

4108

ADMINISTRATIVE REGULATIONS

Personnel

Professional/Administrative/Classified

Employee Computer Account Security

Overview

Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorized access and/or exploitation of BASD's resources. All users, including contractors and vendors with access to BASD systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

Purpose

The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.

Scope

The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any BASD facility, has access to the BASD network, or stores any non-public BASD information.

Guidelines

Complex Password Requirements - Passwords must meet the following minimum requirements:

·  Must be at least eight(8) characters in length

·  Cannot contain all or part of the user's account name(logon)

·  Must contain characters from three of the following four categories:

o  English uppercase characters (A through Z)

o  English lowercase characters (a through z)

o  Base 10 digits (0 through 9)

o  Non-alphabetic characters (!, $, #, %)

Password Locking - Five (5) unsuccessful password attempts for any user will result in a locked account for 30 minutes or until a System Administrator unlocks the account.

Password Expiration - Password expiration will occur every 90 days from creation or change of a user’s password. Twenty-one days’ notice will be given prior to a password expiring.

Password history – Determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. A password history of five (5) is retained.

Vendor Access - All vendor accounts are disabled until requests for access are granted by Boyertown Area School District. Named vendor accounts exist for administrative access to designated servers, for the purpose of troubleshooting and/or installing release updates.

The Superintendent or designee is responsible for the enforcement of this policy.

Boyertown Area School District Issued: 5/30/14

Boyertown, Pennsylvania