21 lines
646 B
Markdown
21 lines
646 B
Markdown
# Password Policy
|
|
|
|
**Version:** 2.1 | **Owner:** Information Security | **Classification:** Internal
|
|
|
|
## Requirements
|
|
|
|
- Minimum length: 14 characters
|
|
- Must include: uppercase, lowercase, digits, special characters
|
|
- No reuse of last 12 passwords
|
|
- Maximum age: 60 days for privileged accounts, 180 days for standard
|
|
- MFA required for all admin and remote access accounts
|
|
|
|
## Password managers
|
|
|
|
Use the company-approved password manager (1Password Teams).
|
|
Personal vaults must not store Nexus credentials.
|
|
|
|
## Enforcement
|
|
|
|
Non-compliance results in account lockout after 5 failed attempts.
|
|
Locked accounts require IT helpdesk intervention.
|