Common use of Interoperable System User Accounts and Passwords Clause in Contracts

Interoperable System User Accounts and Passwords. All users must have a discrete user account ID which cannot be the user's social security number. To protect against unauthorized access, passwords linked to the user ID are used to identify and authenticate authorized users. • Accounts and passwords shall not be transferred or shared. The sharing of both a user ID and associated password with anyone (including administrators) is prohibited. • Accounts and passwords shall be protected from disclosure and writing passwords down or electronically storing them on a medium that is accessible by others is prohibited. • The selection of passwords must be complex and include: o At least eight characters in length o At least two (02) upper case and two (02) lower case letters o At least two (02) numbers and one (01) special character. • Passwords must not contain names, repetitive patterns, dictionary words, product names, personal identifying information (e.g., birthdates, SSN, phone number), and must not be the same as the user ID. • Users are required to change their passwords at least once every 90 days. • Passwords must be promptly changed whenever a compromise of a password is known or suspected.

Interoperable System User Accounts and Passwords. All users must have a discrete user account ID which cannot be the user's ’s social security number. To protect against unauthorized access, passwords linked to the user ID are used to identify and authenticate authorized users. • Accounts and passwords shall not be transferred or shared. The sharing of both a user ID and associated password with anyone (including administrators) is prohibited. • Accounts and passwords shall be protected from disclosure and writing passwords down or electronically storing them on a medium that is accessible by others is prohibited. • The selection of passwords must be complex and include: o At least eight characters in length o At least two (02) upper case and two (02) lower case letters o At least two (02) numbers and one (01) special character. • Passwords must not contain names, repetitive patterns, dictionary words, product names, personal identifying information (e.g., birthdates, SSN, phone number), and must not be the same as the user ID. • Users are required to change their passwords at least once every 90 days. • Passwords must be promptly changed whenever a compromise of a password is known or suspected.