security-policies/policies/password-policy.md

646 B

Password Policy

Version: 2.1 | Owner: Information Security | Classification: Internal

Requirements

  • Minimum length: 14 characters
  • Must include: uppercase, lowercase, digits, special characters
  • No reuse of last 12 passwords
  • Maximum age: 60 days for privileged accounts, 180 days for standard
  • MFA required for all admin and remote access accounts

Password managers

Use the company-approved password manager (1Password Teams). Personal vaults must not store Nexus credentials.

Enforcement

Non-compliance results in account lockout after 5 failed attempts. Locked accounts require IT helpdesk intervention.