Steffen SchneiderFALCOM QMP (Verfahrensanweisung) Passwort Policy
status of this document
STATUS: DRAFT
scope
The purpose of this internal directive / qmp is to define the process of handle company related password(s)
Objectives of the directive :
- everybody understand the use of email as a internal and external communication process
- everybody understand the need of secure communication
- everybody understand how its expected to handle emails
- define the process of setup new employees
- define the process of release employees
- creation and handle of employees (Open)PGP keys
- define escrow key handling
Format
FALCOM strongly recommend to use Email in text format - not HTML or any other. Please reply your answers for better/faster reading on top of the received email or comment inline the other email with quoting the older email.
password requirements (BSI)
- max. age: 90 days
- min. age: 1 day
- min length: 8 characters
- password must meet complexity requirements:
- Contain characters from three of the following four categories:
- uppercase characters (A through Z)
- lowercase characters (a through z)
- base 10 digits (0 through 9)
- non-alphabetic characters (for example, !, $, #, %)
- Contain characters from three of the following four categories:
- enforce password history (min. 6)