Standards Group: YALE-MSS-9: Authentication and Authorization
YALE-MSS-9.3: Utilize secure passwords for authentication
| Asset type | Requirement |
| --- | --- |
| Low Risk Endpoint | Required |
| Moderate Risk Endpoint | Required |
| High Risk Endpoint | Required |
| Low Risk Server | Required |
| Moderate Risk Server | Required |
| High Risk Server | Required |
| Low Risk Mobile Device | Not Required |
| Moderate Risk Mobile Device | Required |
| High Risk Mobile Device | Required |
| Low Risk Network Printer | Required |
| Moderate Risk Network Printer | Required |
| High Risk Network Printer | Required |
Details
This standard applies to all user accounts, administrative accounts, and service accounts.
- User accounts are defined as a username and password that grant an individual end-user access to the system.
- Administrative accounts are defined as a username and password that grant an individual privileged access to the system (e.g. the ability to make system changes).
- Service accounts are defined as special user accounts that an application, service, or system uses to interact with the operating system. These accounts are typically used for automation.
This standard is met if the IT System utilizes Yale's Central Authentication System (CAS).
Controls
- YALE-MSS-9.3.1: Change all account usernames and passwords from defaults
- YALE-MSS-9.3.2: Align password security with (or surpass) the current requirements for Net ID credentials
- YALE-MSS-9.3.3: Lock mobile devices with a password, passcode or pin
- YALE-MSS-9.3.4: Prohibit password, passcode, or pin reuse for a specified number of generations
- YALE-MSS-9.3.5: Do not reuse passwords