Ex Libris Group Password Management Policy




CONFIDENTIAL INFORMATION

The information herein is the property of Ex Libris Ltd. or its affiliates and any misuse or abuse will result in economic loss. DO NOT COPY UNLESS YOU HAVE BEEN GIVEN SPECIFIC WRITTEN AUTHORIZATION FROM EX LIBRIS LTD.

This document is provided for limited and restricted purposes in accordance with a binding contract with Ex Libris Ltd. or an affiliate. The information herein includes trade secrets and is confidential.

DISCLAIMER

The information in this document will be subject to periodic change and updating. Please confirm that you have the most current documentation. There are no warranties of any kind, express or implied, provided in this documentation, other than those expressly agreed upon in the applicable Ex Libris contract. This information is provided AS IS. Unless otherwise agreed, Ex Libris shall not be liable for any damages for use of this document, including, without limitation, consequential, punitive, indirect or direct damages.

Any references in this document to third-party material (including third-party Web sites) are provided for convenience only and do not in any manner serve as an endorsement of that third-party material or those Web sites. The third-party materials are not part of the materials for this Ex Libris product and Ex Libris has no liability for such materials.

TRADEMARKS

"Ex Libris," the Ex Libris bridge, Primo, Aleph, Alephino, Voyager, SFX, MetaLib, Verde, DigiTool, Preservation, URM, Voyager, ENCompass, Endeavor ezconnect, WebVoyage, Citation Server, LinkFinder and LinkFinder Plus, and other marks are trademarks or registered trademarks of Ex Libris Ltd. or its affiliates.

The absence of a name or logo in this list does not constitute a waiver of any and all intellectual property rights that Ex Libris Ltd. or its affiliates have established in any of its products, features, or service names or logos.

Trademarks of various third-party products, which may include the following, are referenced in this documentation. Ex Libris does not claim any rights in these trademarks. Use of these marks does not imply endorsement by Ex Libris of these third-party products, or endorsement by these third parties of Ex Libris products.

Oracle is a registered trademark of Oracle Corporation.

UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company Ltd.

Microsoft, the Microsoft logo, MS, MS-DOS, Microsoft PowerPoint, Visual Basic, Visual C++, Win32, Microsoft Windows, the Windows logo, Microsoft Notepad, Microsoft Windows Explorer, Microsoft Internet Explorer, and Windows NT are registered trademarks and ActiveX is a trademark of the Microsoft Corporation in the United States and/or other countries.

Unicode and the Unicode logo are registered trademarks of Unicode, Inc.

Google is a registered trademark of Google, Inc.

Web address: http://www.exlibrisgroup.com

Table of Contents

1 Overview
2 Purpose
3 Scope
4 Policy
   General
   Guidelines
   Password Protection
5 Enforcement

Record of Changes

Type of Information: Document Data
Document Title: Ex Libris Group Password Management Policy
Document Owner: Tomer Shemesh, Ex Libris Security Officer
Approved by: Eyal Alkalay, Ex Libris Cloud Engineering Director
Issued: 01-March-2011
Reviewed & Revised: 19-Apr-2015

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.

Overview

Ex Libris is committed to providing its customers with a highly secure and reliable environment for hosting and cloud-based applications. Therefore, Ex Libris has developed a strict and secure password policy and procedures that cover all aspects of IT, including hosting and cloud-based Ex Libris systems and services.

Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of Ex Libris' entire corporate network. For this reason, all Ex Libris employees (including contractors and vendors with access to Ex Libris systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

Passwords not only protect Ex Libris and its information, but you as well. If somebody uses your account, you may be held responsible for their actions if you revealed your password to that person.

Purpose

The purpose of this policy is to establish a standard for the creation of strong passwords, the protection and appropriate use of these passwords to protect customer information, and to maintain data privacy by defining the frequency with which passwords should be changed.

Scope

The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Ex Libris facility, has access to the Ex Libris network, or stores non-public Ex Libris information.

Policies

General

The following are general password policies:

- All user-level passwords (such as e-mail, Web, workstation, server account, and so forth) must be changed at least every 90 days. However, when the user password is part of a multifactor authentication mechanism (such as SSH key), a one year change period is acceptable.
- A user account that has system-level privileges granted through group memberships or programs such as sudo must have a password that is different than the password used for all other accounts held by this user.
- Passwords must not be inserted into e-mail messages or other forms of electronic communication. Communication of passwords must take place orally.
- All user-level passwords must conform to the guidelines described below.
- A new user will be created with the "change password next logon" option enabled.
- All system-level passwords (such as root, NT admin, application administration account, service account, and so forth) must be changed at least every 6 months.
- In a new installation of an Ex Libris product at a customer site, the application password must be changed.
- When providing an internal application user name/password to an external resource (supplier, external developer, distributors, and so forth), a change of password needs to be performed immediately after the session.

Guidelines

Passwords that are used must be strong passwords. Strong passwords have the following characteristics:

- Complex:
  - Contain both uppercase and lowercase characters
  - Have digits, punctuation, or Unicode characters as well as letters (for example, 0-9, (ڑßא(/.,?<>';":[]{}`\=-~ +_()*&^%$#@!)
- Must be at least 8 characters long. System passwords must be at least 12 characters long
- Enforce password history: at least 8 change cycles before a password can be reused
- Lockout: user accounts are blocked after 10 consecutive failed password entries
- Must be a non-trivial combination
- Must not be a word in any language, slang, dialect, or jargon
- Must not be based on personal information
- Must never be written down or stored unencrypted

Try to create passwords that can be easily remembered. One way to do this is to create a password based on a song title, affirmation, or other phrase. For example, the phrase might be "This may be one way to remember my password" and the password could be TmB1w2Rmp! or Tmb1W>rmp@s.

Rename the system-level privilege user name if possible. Do not use the product name or a name that someone can easily guess as the system-level privilege user name.

In contrast, the following are characteristics of poor passwords, which are forbidden to use:

- The default password
- A password that is a common usage word such as:
  - Names of family, pets, friends, co-workers, fictional characters, and so forth
  - Computer terms, commands, names of companies, hardware, or software
  - Birthdays and other personal information, such as addresses and phone numbers
  - Word or number patterns such as aaabbb, qwerty, zyxwvuts, 123321, and so forth
  - Any of the above preceded or followed by a digit
  - Any of the above transformed by simple character substitutions (1 for l, @ for a, 3 for E, and so forth)

Password Protection

The following policies help protect your password:

- Do not share your user-level Ex Libris password with anyone, including administrative assistants or Cloud and IT employees (unless you change the password after the problem has been solved).
- Do not open a case or ticket with your user name and password in it. Instead, ask for remote assistance and type the password separately.
- All user-level and system-level passwords are to be treated as sensitive, confidential Ex Libris information.
- All passwords must be saved on Ex Libris password protection encrypted systems.
- If Cloud/IT employees need access to a system using your password, they should change your password to perform the required work and then allow you to reset your password when they have completed the task.
- Avoid using the Remember Password feature of applications such as PuTTY, SecureCRT, Internet Explorer and other applications.
- Do not install or use "store password" software on Ex Libris computers.
- Do not write passwords down and store them in your office or near your workstation.
- Do not store passwords on ANY computer system (including mobile phones, tablets, or similar devices) without appropriate encryption.
- If you have to deliver a password:
  - Do it by phone and replace the password after you finish.
  - Be aware of who is listening around you.
- If an account or password is suspected of having been compromised, report the incident to the Ex Libris Security Officer and change all your passwords on the compromised systems.

Enforcement

Password cracking or guessing may be performed during the semiannual security audit review conducted by the company security officer or its delegates.

Password cracking or guessing may be performed during the annual security penetration tests performed by an external security company and during the ISO audit process.

If a password is guessed or cracked during one of these scans, this will be considered a security violation and will be handled according to the security disciplinary policy.
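The composition rules and the poor-password list in the Guidelines can be checked mechanically at the moment a password is set; the following Python checker is an added example, not part of the Ex Libris policy or of any Ex Libris tool. The deny-list is constructed, the substitutions beyond the three the policy names are assumptions, and all function and constant names are hypothetical.

```python
import re
import unicodedata

MIN_LEN = {"user": 8, "system": 12}  # minimum lengths from the Guidelines
# "1 for l, @ for a, 3 for E" are the policy's examples; 0, $ and 5 are assumed.
LEET = str.maketrans({"1": "l", "@": "a", "3": "e", "0": "o", "$": "s", "5": "s"})
# Constructed deny-list; a real one holds defaults, product names and a dictionary.
DENY_WORDS = {"password", "welcome", "admin", "oracle", "primo", "aleph"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _is_pattern(s):
    """aaabbb-style runs, keyboard/alphabet sequences (either direction), palindromes."""
    if len(s) < 4:
        return False
    if re.fullmatch(r"(?:(.)\1+)+", s) or s == s[::-1]:
        return True
    return any(s in seq or s[::-1] in seq for seq in SEQUENCES)


def _candidates(password):
    """Forms to test: as typed, edge digits stripped, substitutions undone."""
    low = password.lower()
    stripped = low.strip("0123456789")
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def check_password(password, account="user"):
    """Return the list of guideline violations (an empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LEN[account]:
        problems.append(f"shorter than {MIN_LEN[account]} characters")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs both uppercase and lowercase characters")
    if not any(c.isdigit() or not c.isascii()
               or unicodedata.category(c)[0] in "PS" for c in password):
        problems.append("needs a digit, punctuation, or Unicode character")
    forms = _candidates(password)
    if forms & DENY_WORDS:
        problems.append("based on a default or common word")
    if any(_is_pattern(f) for f in forms):
        problems.append("word or number pattern")
    return problems
```

Password history (8 change cycles) and lockout (10 failed entries) are state kept by the authentication system, so they are outside what a check on a single candidate password can enforce.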