3-48 Password Policy

About CMU's "Creating strong, secure passwords for use at CMU policy"

This policy grants authority to CMU's Office of Information Technology to set standards for the creation and management of strong, secure passwords for use in accessing CMU-owned data, systems, devices and networks.

NOTE ABOUT PDF VERSION: The PDF is the official text of the policy. If there are any incongruities between the text of the HTML version and the text within the PDF file, the PDF will be considered accurate and overriding.

ACCESS/DOWNLOAD PDF VERSION

Attachments are included in the PDF file.
Effective date of this revision: July 1, 2019
Contact for more information: Office of Information Technology

BACKGROUND

Central Michigan University (“CMU”) user accounts are the first line of defense against external intrusion into its data, systems, and networks by unauthorized individuals. Constructing secure passwords and ensuring proper password management are essential. Poor password management and construction can allow both the dissemination of information to undesirable parties and unauthorized access to CMU resources. Poorly chosen passwords are easily compromised. Standards for proper password creation and management greatly reduce these risks.

PURPOSE

This policy establishes the need for minimum standards for password creation and management. It applies to all CMU-owned systems and devices, and, as noted in the Responsible Use of Computing Policy, to all systems and devices accessing CMU systems and Institutional Data.

POLICY

CMU’s Office of Information Technology will create and maintain password standards consistent with industry best practices that will be used for access to CMU data, systems, and networks. These standards can be found at this link: CMU_Password_Standard (cmich.edu). Account holders and system administrators will protect the security of those passwords by managing passwords in a responsible fashion. System developers will develop systems that store or transmit password data responsibly and that use secure authentication and authorization methods to control access to accounts.

ENFORCEMENT

Each CMU department/unit is responsible for implementing, reviewing and monitoring internal policies, practices, etc. to assure compliance with this Policy.

The Chief Information Officer (CIO) is responsible for enforcing this policy and is authorized to set specific password creation and management standards for CMU systems and accounts.

RELATED POLICIES AND OTHER RESOURCES

Responsible Use of Computing Policy
Data Stewardship Policy
Information Security Policy

AMENDMENTS AND ADDITIONS

The CIO may approve exceptions to this policy. All amendments and additions to this policy will be drafted by a committee convened by the CIO and will be reviewed and approved by the Provost and the President. Changes in this policy will be appropriately publicized.

Central Michigan University reserves the right to make exceptions to, modify or eliminate this policy and or its content. This document supersedes all previous policies, procedures or guidelines relative to this subject.