Laserfiche WebLink
3. Authentication/Passwords <br />a. All personnel are required to maintain the confidentiality of identity and access <br />management information. <br />b. If authorized by the Information Technology Department, any group/shared identity and <br />access management information must be maintained solely among the authorized <br />members of the group. <br />c. All identity and access management information, including initial and/or temporary <br />credentials, must be constructed, and implemented according to the Identification and <br />Authentication policy (AM 1200.11): <br />Must meet all requirements including minimum length, complexity, and reuse <br />history. <br />ii. Must not be easily tied back to the account owner by using things like <br />username, social security number, nickname, relative's names, birth date, etc. <br />iii. Must not be the same passwords used for non -business purposes. <br />d. Unique passwords should be used for each system whenever possible. <br />e. User account passwords must not be divulged to anyone. <br />County support personnel and/or contractors should never ask for user account <br />passwords. <br />f. If the security of a password is in doubt, the password shall be changed immediately. <br />g. Personnel shall not circumvent password entry with application remembering, <br />embedded scripts, or hard coded passwords in client software. <br />h. Security tokens (i.e. Smartcards) must be returned on demand or upon termination of <br />the relationship with County, if issued. <br />4. Clear Desk/Clear Screen <br />a. Personnel shall log off from applications or network services when they are no longer <br />needed. At a minimum, personnel shall log off at the end of each business day. <br />Page 15 <br />68 <br />SECTION <br />NUMBER <br />EFFECTIVE DATE <br />Information <br />ADMINISTRATIVE <br />Technology <br />AM -1200.21 <br />4/22/2025 <br />POLICY MANUAL <br />SUBJECT <br />PAGE <br />Acceptable Use <br />Page 5 of 18 <br />3. Authentication/Passwords <br />a. All personnel are required to maintain the confidentiality of identity and access <br />management information. <br />b. If authorized by the Information Technology Department, any group/shared identity and <br />access management information must be maintained solely among the authorized <br />members of the group. <br />c. All identity and access management information, including initial and/or temporary <br />credentials, must be constructed, and implemented according to the Identification and <br />Authentication policy (AM 1200.11): <br />Must meet all requirements including minimum length, complexity, and reuse <br />history. <br />ii. Must not be easily tied back to the account owner by using things like <br />username, social security number, nickname, relative's names, birth date, etc. <br />iii. Must not be the same passwords used for non -business purposes. <br />d. Unique passwords should be used for each system whenever possible. <br />e. User account passwords must not be divulged to anyone. <br />County support personnel and/or contractors should never ask for user account <br />passwords. <br />f. If the security of a password is in doubt, the password shall be changed immediately. <br />g. Personnel shall not circumvent password entry with application remembering, <br />embedded scripts, or hard coded passwords in client software. <br />h. Security tokens (i.e. Smartcards) must be returned on demand or upon termination of <br />the relationship with County, if issued. <br />4. Clear Desk/Clear Screen <br />a. Personnel shall log off from applications or network services when they are no longer <br />needed. At a minimum, personnel shall log off at the end of each business day. <br />Page 15 <br />68 <br />