|Description||Change Passwords on a Periodic Basis: Service Providers, Network Operators, and Equipment Suppliers should change passwords on a periodic basis implementing a policy which considers different types of users and how often passwords should be changed. Perform regular audits on passwords, including privileged passwords, on system and network devices. If available, activate features across the user base which force password changes.|
|Network Type(s)||Cable; Internet/Data; Satellite; Wireless; Wireline|
|Industry Role(s)||Service Provider; Network Operator; Equipment Supplier|
|Keyword(s)||Cyber Security;Encryption;Information Protection;|
|Reference/Comments||Garfinkel, Simson, and Gene Spafford. "Users and Passwords". Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: OReilly and Associates, Inc. 1996. 49-69
US Government and National Security Telecommunications Advisory Committee (NSTAC) ISP Network Operations Working Group. Short Term Recommendations. Report of the ISP Working Group for Network Operations/Administration. May 1, 2002. 'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations.