Policy
Policy Name
Authentication Management Policy

Overview
Authentication is the process to verify the identity of an individual, originator or receiver of information. Authentication will require at least identity (such as user login ID) and one more mechanism to prove your identity (such as passwords and/or tokens).

Statement
Authentication credentials must be:
  • Secured and protected in accordance with the highest level of data classification (i.e. "Secret") and encryption policy.
  • Stored separately from systems or application data.
  • Obscured when presented with the associated user or system ID.
  • Transmitted separately from their associated user or system ID.
  • Validated before access to systems, applications or data may occur.

Justification

The following benefits will be achieved:

  • Authentication credentials and access will be properly managed and maintained
  • Minimize potential for unauthorized access to information resources

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Authentication
Access Control