Skip To Main Content

Post RSS Feeds
  • Procedure
5225P - Technology

Policy: 5225P

Section: 5000 - Personnel

Title: Procedure - Technology

Status: Active

Adopted: March 26, 2024

Procedure - Technology

Individual Responsibilities

 

Individuals are responsible for keeping passwords secure and confidential. As such, the

following principles must be adhered to for creating and safeguarding passwords:

  • User passwords must be changed immediately upon issuance for the first use. Initial passwords must be securely transmitted to the individual.
  • Passwords must never be shared with another individual for any reason or in a manner not consistent with this policy.
  • Passwords must never be written down and left in a location easily accessible or visible to others.
  • Passwords must meet the requirements outlined in this policy.

Password Requirements

 The following parameters indicate the minimum requirements for passwords for all individual staff accounts (except for passcodes defined in the section titled Mobile Devices) where passwords are:

  • At least 10 characters; and
  • Password should contain uppercase and lowercase letters, numbers 0 through 9, and nonalphanumeric characters; and
  • Not based on anything somebody else could easily guess or obtain using person-related information (names, telephone numbers, dates of birth, etc.); and Cannot reuse the last 5 passwords.
  • Account will be locked after 5 failed attempts. Email technical.services@ferndalesd.org to reset password.

Password Expiration

 Most users are no longer required to change their passwords at fixed intervals (NIST special publication 800-63B). However, in all cases, IT reserves the right to reset a user’s password in the event a compromise is suspected, reported or confirmed. This helps prevent an attacker from making use of a password that may have been discovered or otherwise disclosed.

Mobile Devices

 Mobile devices accessing or storing FSD data, such as smartphones and tablets, shall be registered with IT and managed by the mobile device management (MDM) platform. The following minimum password policy is in effect for all mobile devices, where passwords are:

  • At least eight (8) digits; and
  • Must contain at least one letter and one number.

Biometric authentication (e.g., facial or fingerprint recognition) on mobile devices may be used to unlock the device, but a compliant passcode must still be established.

 

A mobile device will erase after ten (10) invalid passcode attempts. The device manufacturer may automatically impose time limitations after several unsuccessful password attempts before the wipe is triggered. IT support (Technical.Services@ferndalesd.org) can provide assistance in resetting device passcodes.

 

Reporting a Suspected Compromise or Breach

If you believe your password has been compromised or if you have been asked to provide your

password to another individual, promptly notify the following support team:

IT Support

  • Email: technical.services@ferndalesd.org
  • Subject line: password compromised

 

 

 

 

Adopted: 03.26.2024

5225PA1.pdf

  • 5000
Share to EmailPrint this page