N.M. Admin. Code § 1.12.20.21

Current through Register Vol. 35, No. 24, December 23, 2024
Section 1.12.20.21 - USER PASSWORD MANAGEMENT

Password protocols shall be developed consistent with state standards and implemented to ensure all authorized individuals accessing agency resources follow 1.12.11 NMAC Enterprise Architecture. Such password protocols shall be mandated by automated system controls whenever possible. Password protocols should include, but not be limited to:

A. compliance with 1.12.11.16 NMAC (Security Password rule);
B. prohibiting the storage of passwords in clear text;
C. prohibiting the use of passwords that could be easily guessed or subject to disclosure through a dictionary attack;
D. direction for keeping passwords confidential;
E. prohibiting any and all password sharing;
F. directing users to change passwords at regular intervals;
G. direction for changing temporary passwords at the first logon;
H. enforcing the implementation of standard password formats to include a mix of alphabetic, numeric, special, and upper/lower case characters;
I. automated logon processes which must be approved by agency CIO;
J. implementing state password standards and protocols on agency computing resources; and
K. verifying proper enforcement of password management by the agency during an annual independent risk assessment.

1.12.20.21 NMAC - N/E, 4/14/2010