Policy Name
Authentication Management Policy

Authentication is the process to verify the identity of an individual, originator or receiver of information. Authentication will require at least identity (such as user login ID) and one more mechanism to prove your identity (such as passwords and/or tokens).

Authentication credentials must be:
  • Secured and protected in accordance with the highest level of data classification (i.e. "Secret") and encryption policy.
  • Stored separately from systems or application data.
  • Obscured when presented with the associated user or system ID.
  • Transmitted separately from their associated user or system ID.
  • Validated before access to systems, applications or data may occur.


The following benefits will be achieved:

  • Authentication credentials and access will be properly managed and maintained
  • Minimize potential for unauthorized access to information resources

All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Access Control