HMC Password Policy
Effective November 16, 2011
The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of password change.
All users, including contractors and vendors with access to Harvey Mudd College systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
The CIO/VP for Computing and Information Services is responsible for ensuring policy compliance on systems that are owned or managed by CIS. Vice Presidents and Department Chairs are responsible for ensuring policy compliance within their respective areas.
Passwords are an essential aspect of computer security, providing important front-line protection for electronic resources by preventing unauthorized access to various network resources and local devices.
A poorly chosen password may result in the compromise of College systems, data, or the network. Therefore, all HMC students, faculty, and staff are responsible for taking the appropriate steps, as outlined below, to select appropriate passwords and protect them. Non-HMC students, contractors and vendors with access to College systems also are expected to observe these requirements.
College faculty, staff or students making use of third party systems to conduct College business on a regular basis, such as Jenzabar CX (managed by Pomona College), DirectorsDesk, Formstack, Admission Labs, Gmail, etc, are advised to select strong passwords for those systems.
For HMC systems, the following apply:
EXCLUSIONS OR SPECIAL CIRCUMSTANCES:
Systems or services that, for technical reasons, cannot meet the minimum complexity standards must be documented and secured as much as possible. Serious consideration should be given to whether they need to be connected to the network at all.
Responsible Office: Vice President for Computing and Information Services
HMC President’s Cabinet
November 16, 2011
November 16, 2011
The format and much of the content of this policy are based on documents available in the University of Kansas Policy Library as well as the SANS Institute password policy.
Policies: Claremont Appropriate Use Policy http://goo.gl/xYS7e
Other: CIS report on Password Manager tools http://goo.gl/Oew5k
8/10/2012: Joseph Vaughan; Updated to include links to
Appropriate Use Policy and Report on Password Managers.
<mm/dd/yyyy: Approved by; Short description of action>