15.51 – NMSU Account Password Requirements

Print Friendly, PDF & Email

Details

Scope: NMSU System

Source: ARP Chapter 15 | Information Management and Data Security

Rule Administrator:

Last Updated: 05/08/2018

Related

Cross-Reference:

Revision History:

05/08/18 Amendment approved by Chancellor

2017 Recompilation, formerly Rule 2.35.1.2.1

PART 1: PURPOSE


To protect the integrity of NMSU IT resources and data, account passwords must be utilized which comply with NMSU IT standards.  This rule specifies the general requirements, and links to the more specific standards required, based on the level of authorized access per user.  Users of any NMSU-authorized account which accesses NMSU IT resources and data are subject to this rule.

 

PART 2:  PASSWORD REQUIREMENTS


Each account user is required to adhere to the password standards set forth in this rule.  Most password standards fall into two categories:  1) General user account password requirements and 2) Privileged user account requirements.  Password standards are established based on legal requirements and IT security best practices, differentiated by the type of data or IT resource the account is authorized to access. Generally, a password is most secure the longer it is and the easier it is to remember. NMSU encourages the use of a passphrase for account passwords.

The specific password standards required of each NMSU account user is linked here:

  1. General User Account Password Standard
  2. Privileged User Account Password Standard

 

PART 3:  DUTY TO MAINTAIN CONFIDENTIALITY AND TO REPORT SECURITY CONCERNS  


  1. Confidentiality of Password: Assignment of an NMSU account, typically required to perform one’s job, grants access to NMSU IT resources and data, potentially including access to NMSU Affiliate data or confidential proprietary data. Each user is responsible to protect this access. Never share your account password with any other person, including a supervisor. NMSU will never ask you for your password via an unsolicited email, phone call, screen pop-up or in-person request.
  2. Phishing Awareness: NMSU accounts are most commonly compromised when a user responds to an Email phishing scam. Never click a link in an unsolicited email, without first verifying the authenticity of the link.
  3. Report Potential Computer Security Issues: Account owners should immediately report a possible password compromise to the NMSU helpdesk or abuse@nmsu.edu and set a new password on the account.
  4. Requirement to abide by Password Standards: The account password standards by type of user are linked to this rule above and provide additional information, including minimum requirements for a secure password and consequences for non-compliance.  These standards are incorporated into this rule by reference and users must review and abide such standards.  ICT is authorized to update and amend the standards, provided they remain posted and notice is given to the university community each time they are changed.