Common use of Authorization and Accountability Clause in Contracts

Authorization and Accountability. 2.1 Each individual must have a separate log-in account and password for network use. 2.2 Only one logical connection to the network is allowed for each individual. 2.3 Public and generic accounts must be restricted to specific workstation(s) and assigned to workgroups for select, specific business processes. 2.4 Create passwords that have a minimum of 8 characters with a combination of alphabetic (upper and lower-case), numeric, and special characters. 2.5 Change default passwords provided by the vendor for access to applications/systems on the network. 2.6 Create different passwords for applications/systems on the network. 2.7 Do not share or disclose passwords. 2.8 Intruder lock-out must be enabled for passwords if the option is provided by the software. 2.9 Do not record or write down passwords and store in a manner that can be easily accessed by others. 2.10 All passwords must be changed on a specified, periodic basis. 2.11 All requests for resetting network passwords must be made by the I.T. Liaison via email to the CSC. 2.12 Immediately inform the CSC when log-in accounts are no longer required or will not be used for a period of 30 days or more. 2.13 All log-in accounts not used for a period of 90 days will be disabled. 2.14 All log-in accounts not used for a period of 365 days will be deleted.

Authorization and Accountability. 2.1 5.1 Each individual must have a separate log-in account and password for network use. 2.2 5.2 Only one logical connection to the network is allowed for each individual. 2.3 5.3 Public and generic accounts must be restricted to specific workstation(s) and assigned to workgroups for select, specific business processes. 2.4 5.4 Create passwords that have a minimum of 8 characters with a combination of alphabetic (upper and lower-case), numeric, and special characters. 2.5 5.5 Change default passwords provided by the vendor for access to applications/systems on the network. 2.6 5.6 Create different passwords for applications/systems on the network. 2.7 5.7 Do not share or disclose passwords. 2.8 5.8 Intruder lock-out must be enabled for passwords if the option is provided by the software. 2.9 5.9 Do not record or write down passwords and store in a manner that can be easily accessed by others. 2.10 5.10 All passwords must be changed on a specified, periodic basis. 2.11 5.11 All requests for resetting network passwords must be made by the I.T. Liaison via email to the CSC. 2.12 5.12 Immediately inform the CSC when log-in accounts are no longer required or will not be used for a period of 30 days or more. 2.13 5.13 All log-in accounts not used for a period of 90 days will be disabled. 2.14 5.14 All log-in accounts not used for a period of 365 days will be deleted.