Approved by the Chancellor, December 20, 2007
University of North Carolina at Charlotte
Password Regulation
Supplemental to Policy Statement #102
I. Purpose
The purpose of this regulation is to establish requirements
for faculty, staff, students and other authorized users
regarding passwords in order to protect individual and
University information and resources. Adherence to this
policy will help ensure that the University network
and information systems are secure and available to
all authorized users.
II. Scope
The scope of this regulation includes all UNC Charlotte
faculty, staff, students and all authorized users who
have or are responsible for an account (or any form
of access that supports or requires a password) on any
system that resides at any UNC Charlotte facility or
has access to the UNC Charlotte network. Each user
and/or system administrator on the UNC Charlotte network
is required to implement the password requirements listed
in this document.
III. Definitions
Authorized User: An individual, other than UNC Charlotte
faculty, staff or students, who has been granted permission
to access a University server, workstation, networked
device or application.
Password: A string of characters which serves as authentication
of a person’s identity, which may be used to grant,
or deny, access to private or shared data.
Special Account: An account that is permitted privileges
above and beyond those of normal users. Examples
of this type of account include:
root, super user, supervisor, manager, administrator,
oracle, etc.
Strong Passwords: A strong password is a password that is designed to be hard for a person,
program or automated process to discover. It is normally
constructed of a sequence of characters, numbers,
and special characters, depending on the capabilities
of the operating system. Typically the longer the
password the stronger it is. It should never be a
name, dictionary word in any language, an acronym,
a proper name, a number, or be linked to any personal
information about you such as a birth date, social
security number, and so on.
System Administrator: A person who is responsible for properly maintaining
a server, workstation, networked device or application.
IV. Regulation
All University-affiliated passwords should meet the requirements
described below.
1. All passwords used must be strong passwords.
2. Passwords must expire within the
following intervals:
Passwords will be audited on a periodic
or random basis by the Information Technology Security
Office or their delegates for compliance purposes.
If a password is guessed or cracked during one of
these scans, the user will be required to change
it. If a password is revealed to have been compromised
the user will be required to change it.
Any known violations of this policy
should be reported to the University's Information
Technology Security Office.
Violations of this policy can result
in immediate withdrawal or suspension of system
and network privileges and/or disciplinary action
in accordance with University procedures.
The University may advise law enforcement
agencies when a criminal offense may have been committed.
No exceptions to this Regulation are allowed assuming
the technology is available to adhere to the Regulation.
Upon approval, this regulation shall be published on
the appropriate UNC Charlotte web site(s). The following
offices and individuals shall be notified in writing
with any subsequent revisions or amendments made
to this Regulation: