Password and account requirements:

- Limit repeated failed access attempts to no more than six. After six failed attempts, the account must be locked for no less than 30 minutes or until an administrator enables the user account.
- Require users to re-enter their passwords to reactivate sessions that are idle for more than 15 minutes. For example, use password-protected screen savers.
- Change all default or vendor-supplied passwords, encryption keys, and SNMP community strings.
- Review and remove unnecessary accounts from the list of user accounts.
- Passwords must be set to expire after no longer than 90 days and must be changed.
- Users cannot submit a new password that is the same as any of the last four passwords they have used.
- Wherever passwords are stored, they are strongly encrypted.

Strong encryption is defined as cryptography based on industry-tested and accepted algorithms, along with strong key lengths and proper key-management practices. Cryptography is a method to protect data and includes both encryption (which is reversible) and hashing (which is not reversible, or "one way"). Examples of industry-tested and accepted standards and algorithms for encryption include AES (128 bits and higher), TDES (minimum double-length keys), RSA (1024 bits and higher), ECC (160 bits and higher), and ElGamal (1024 bits and higher). SHA-1 is an example of an industry-tested and accepted hashing algorithm. For more information, see the National Institute of Standards and Technology (NIST) Special Publication 800-57.

All passwords to systems that access credit card information/transactions must conform to Cornell University's password complexity guidelines.

Decommissioning Computer Systems and Electronic Media Devices

Limiting Physical Access to Cardholder Data
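The lockout, password-history and expiry rules above are easy to state and easy to get subtly wrong (for example, a lockout that never resets its failure counter re-locks on the first miss after it expires). The following is an added example, not Cornell's code or part of the original policy page, showing one way to enforce those rules in an authentication service. It assumes stored passwords are protected as salted PBKDF2-SHA256 hashes (the page only says "strongly encrypted"), an iteration count chosen here for illustration, in-memory account state, and timestamps passed in by the caller so the behaviour can be checked deterministically.

```python
"""Enforce lockout, password history and expiry rules (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

MAX_FAILED_ATTEMPTS = 6                 # lock after six failed attempts
LOCKOUT_DURATION = timedelta(minutes=30)  # locked for no less than 30 minutes
PASSWORD_HISTORY = 4                    # may not reuse any of the last four
PASSWORD_MAX_AGE = timedelta(days=90)   # must be changed after 90 days
PBKDF2_ITERATIONS = 100_000             # assumption: illustrative work factor


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(salt: bytes, digest: bytes, password: str) -> bool:
    """Constant-time comparison of the candidate against the stored digest."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    history: List[Tuple[bytes, bytes]]   # (salt, digest) of recent passwords, newest last
    changed_at: datetime                 # when the current password was set
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None

    @property
    def current(self) -> Tuple[bytes, bytes]:
        return self.history[-1]


def create_account(password: str, now: datetime) -> Account:
    return Account(history=[hash_password(password)], changed_at=now)


def authenticate(acct: Account, password: str, now: datetime) -> str:
    """Return 'locked', 'bad_password', 'expired' (must change) or 'ok'."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            return "locked"
        # Lockout elapsed: clear it and the counter, or the next miss re-locks at once.
        acct.locked_until = None
        acct.failed_attempts = 0
    if not verify_password(*acct.current, password):
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked_until = now + LOCKOUT_DURATION
            return "locked"
        return "bad_password"
    acct.failed_attempts = 0
    acct.locked_until = None
    if now - acct.changed_at > PASSWORD_MAX_AGE:
        return "expired"
    return "ok"


def admin_unlock(acct: Account) -> None:
    """An administrator may re-enable the account before the 30 minutes elapse."""
    acct.locked_until = None
    acct.failed_attempts = 0


def change_password(acct: Account, new_password: str, now: datetime) -> bool:
    """Reject a new password equal to any of the last four; otherwise rotate it in."""
    if any(verify_password(salt, digest, new_password) for salt, digest in acct.history):
        return False
    acct.history.append(hash_password(new_password))
    del acct.history[:-PASSWORD_HISTORY]   # keep only the most recent four
    acct.changed_at = now
    return True


def run_policy_demo() -> dict:
    """Constructed walk-through of the rules; returns each outcome for checking."""
    t0 = datetime(2024, 1, 1, 9, 0)
    acct = create_account("Correct-Horse-1", t0)
    out = {}
    out["failures"] = [authenticate(acct, "wrong", t0) for _ in range(6)]
    out["during_lockout"] = authenticate(acct, "Correct-Horse-1", t0 + timedelta(minutes=10))
    out["after_lockout"] = authenticate(acct, "Correct-Horse-1", t0 + timedelta(minutes=31))
    out["expired"] = authenticate(acct, "Correct-Horse-1", t0 + timedelta(days=91))
    out["reuse_current"] = change_password(acct, "Correct-Horse-1", t0)
    for pw in ("Pw-2", "Pw-3", "Pw-4", "Pw-5"):
        change_password(acct, pw, t0)
    out["reuse_after_window"] = change_password(acct, "Correct-Horse-1", t0)
    return out


if __name__ == "__main__":
    for rule, outcome in run_policy_demo().items():
        print(f"{rule}: {outcome}")
```

The reset of `failed_attempts` when a lockout has elapsed is the detail most often missed; without it the sixth failure's counter persists and a single wrong password after the 30 minutes locks the account again, which turns the policy into a denial-of-service against legitimate users.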