Current through October 18, 2024
Each agency must instruct their users to follow these guidelines for the purpose of protecting passwords:
A. Passwords must not be disclosed to anyone except in emergency circumstances or when there is an overriding operational necessity.B. Hard copies of passwords (i.e. printed out or written down) should be considered sensitive.C. Passwords must not be sent in clear text over the network. Secure Shell (SSH) and HTTPS must replace Telnet and HTTP for authentication.D. Passwords must be unique per user.E. The password change interval is a maximum of ninety (90) days; however, ITS recommends that agencies consider using a 30 or 60 day interval depending on the classification of their data. Password reuse should be minimized or prohibited.F. Default passwords must be changed.G. Passwords must be required on all user accounts.H. Passwords suspected to be stolen or cracked must be changed immediately and notification must be given to the user's supervisor and system administrator. Miss. Code Ann. § 25-53-1 to § 25-53-25.