CSU, Bakersfield

Information Security

Global Links

• Home
• Departments
• Contact Us
• Personnel
• CSUB Home

Navigation Links

Computer Use Policy

Campus Password Policy

Contacts

Definition of Confidential Info.

Desktop Security

Desktop Security Reviews

Good Security Practices

Incident Report Process/Form

Information Security Blog

Information Security Plan

Information Security Policy

Security Awareness

Supplemental I.S. Policies

Laws & Regulations

Application for Database

Red Flag

Campus Password Policy

1.0 - Overview

This is an overview of the Password Policy.

1.1 - Purpose:

Establish a Password Policy Standard for CSUB employees.

1.2 - Scope:

This policy applies to all CSUB employees.

1.3 - Background

A password is private information and only the person assigned to a particular account should use the associated password. Users are responsible for safeguarding passwords for their accounts.

2.0 - Policy:

Passwords must:

1. Not contain the user's account name or parts of the name that exceed two consecutive characters
2. Be at least eight characters in length
3. Contain characters from three of the following four categories:
   1. Uppercase characters (A through Z)
   2. Lowercase characters (a through z)
   3. Numbers (0 through 9)
   4. Non-alphanumeric characters (for example, !, $, #, %)
4. Changed at least once per year

3.0 - Controls

Systems incapable of enforcing compliant passwords shall have user enforced compliant passwords. If compliant passwords are not permitted then other mitigating controls, determined on a case by case basis, shall be user enforced; e.g. shorter password lifetimes, longer passwords, or inactivity screen locks.