|Description||Protect Authentication Methods: Service Providers, Network Operators, and Equipment Suppliers should develop an enforceable password policy, which considers different types of users, requiring users to protect, as applicable, either (a) the passwords they are given/create or (b) their credentials for two-factor authentication.|
|Network Type(s)||Cable; Internet/Data; Satellite; Wireless; Wireline|
|Industry Role(s)||Service Provider; Network Operator; Equipment Supplier|
|Keyword(s)||Cyber Security;Encryption;Information Protection;|
|Reference/Comments||Garfinkel, Simson, and Gene Spafford. "Users and Passwords". Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: OReilly and Associates, Inc. 1996. 49-69
US Government and National Security Telecommunications Advisory Committee (NSTAC) Network Security Information Exchange (NSIE). Administration of Static Passwords and User Ids. Operations, Administration, Maintenance, & Provisioning (OAM&P) Security Requirements for Public Telecommunications Network. Draft 2.0, August 2002. 'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.. Note: This Best practice could impact 9-1-1 operations.