Password Standards - Data Custodians

Persons may be designated by their supervisors as data custodians. Generally, persons in administrative offices who have access or update capability to sensitive or privileged information will be designated as data custodians.

An email distribution list for the data custodians will be created, and each department director or chair will be able to modify/update this list so they can maintain it for the individuals in their department.

To improve the security of the information, data custodians will be requested to use the following password standards.

Passwords must:

• be a minimum of fifteen (15) characters in length.
• be memorized; if a password is written down it must be stored securely.
• contain at least one (1) character from three (3) of the following categories:
  • Uppercase letter (A-Z)
  • Lowercase letter (a-z)
  • Digit (0-9)
  • Printable special characters (~`!@#$%^&*()+=_ {}[]\|:;”’/?<>,.)
• be private and not shared with anyone.
• not contain your proper name or username.
• be changed at least every 30 days.
• not be reused for at least ten password changes.

Data custodians will start receiving notices that their passwords should be changed 25 days after the last password change.

Additional Info: Changing your password | Managing your password