Your browser has JavaScript turned off.
You must turn it on to proceed.










NORS -- CSRIC Best Practices Result

CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-9-8079

Number 9-9-8079
Priority Highly Important
Description Use Strong Passwords: Service Provider, Network Operators, and Equipment Suppliers should create an enforceable policy that considers different types of users and requires the use of passwords or stronger authentication methods. Where passwords can be used to enhance needed access controls, ensure they are sufficiently long and complex to defy brute force guessing and deter password cracking. To assure compliance, perform regular audits of passwords on at least a sampling of the systems.
Network Type(s) Cable; Internet/Data; Satellite; Wireless; Wireline
Industry Role(s) Service Provider; Network Operator; Equipment Supplier
Keyword(s) Cyber Security;Encryption;Information Protection;
Reference/Comments Garfinkel, Simson, and Gene Spafford. "Users and Passwords". Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: O’Reilly and Associates, Inc. 1996. 49-69
US Government and National Security Telecommunications Advisory Committee (NSTAC) ISP Network Operations Working Group. Short Term Recommendations. Report of the ISP Working Group for Network Operations/Administration. May 1, 2002. 'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations.