Policy
Policy Name
Secure Log-on Procedure and Message Policy

Overview
Access to operating systems must be controlled via a secure log-on process to ensure authorized access to information resources.

Statement
  • A login message warning (e.g. "banner") must be displayed on systems at login time to inform users about the conditions of use and access is limited to only authorized users.
  • Not provide access to or display system or application identifiers until after log-in process or valid authentication has been completed.
  • Not provide help messages that could be used by unauthorized user (e.g. log-in error messages must not indicate which part of authentication failed).
  • Limit the number of unsuccesful log-on attempts in accordance with Password Management Policy.
  • Ensure passwords are obscured during log-on process (e.g. replace characters with symbols).
  • Ensure passwords are not transmitted in clear text and protected in accordance with the Encryption Policy.

Justification

The following benefits will be achieved:

  • Ensure log-on procedures are appropriately controlled
  • Minimize potential for unauthorized access to information resources

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Access Control