-------------------------------------------------------------------------------------------------
Password Management
1 OBJECTIVE
The main objective of this policy is to establish a standard for the creation of strong passwords, the
protection of those passwords, and a systematic frequency of password change.
2 SCOPE
The scope of this policy covers all personnel who have a user account created in Goldstone
Technologies resource systems such as servers, networks, desktops, applications, etc., including customer
resource systems.
3 APPLICABILITY
This policy is applicable to all systems (servers, i.e. OS, network components and applications) and
users of Goldstone.
4 DETAILED POLICY
4.1 General
All LIVE/Production system-level passwords, at the system (OS), network component and
application system levels, must follow the global Password Management policy guidelines.
All system-level passwords, e.g. Root, Administrator, enable password, and any default user accounts
(OS, databases and network devices), must be changed once in 30 – 45 days.
All Administrator-level passwords shall be stored in a fireproof safe cabinet.
All user-level passwords must be changed once in 30 – 45 days.
If any user account is created which is equivalent to the Administrator account, its password
should be different from that of the administrator user account.
Passwords must not be communicated through mail or any form of electronic communication
such as SMS, and/or written in a notebook, on paper, etc.
All users, including administrator users, must not use the same or similar passwords as those
used in public systems like Yahoo, Google, etc.
Passwords should not be in clear-text form.
Users will be authenticated by individual user name and then password, and not by groups.
Password guidelines must be followed to ensure strong passwords are used in GTL.
4.2 Guidelines for Usage of Strong Password
Change all the default passwords once the system is provided and made available to use.
Password should contain both upper and lower case characters.
Ensure that passwords have numbers and special characters, e.g. !@#$%^&
Passwords must be equal to or more than 8 alphanumeric characters and/or be a passphrase.
4.3 Password Protection
Passwords should NOT be individual names, common names, organization names, family
member names, popular place names, dictionary words, etc.
Passwords should NOT have repeated letters, patterns, etc.
Users shall not share their password with others or reveal it to others under
any circumstances. If they do so, they shall be accountable for the actions taken by the
other party with the password.
Do NOT reveal your organization passwords to your friends, relatives, colleagues.
Do NOT reveal your password over phone to anyone.
Do NOT reveal your password over email, SMS, Chat etc.
Do NOT disclose your password in meetings, open forums, etc.
Do NOT enable the “remember password” option in any application or system.
5 EXCEPTIONS
There are no exceptions to this policy.
6 COMPLIANCE
Violations of this policy or any other GTL policy or regulation may result in revocation or
limitation of computer and network privileges, as well as other disciplinary actions that may be referred to
the disciplinary committee and appropriate external law enforcement authorities, as applicable.
7 ROLES & RESPONSIBILITIES
Role                          Responsibility
Information Security Group    Policy Ownership, Development and Maintenance
                              Compliance audit & risk reviews
GIM Group                     Procedure Development and Maintenance
                              User Provisioning and De-provisioning
                              Access Security Configuration, Implementation and Administration
                              Monitoring
8 RELATED DOCUMENTS AND REFERENCES
Guidelines for user access management
User Guidelines
Logical Access Management Policy