Protecting authenticator content from unauthorized disclosure and modification.Changing/refreshing authenticators for group or role when membership to those accounts’ changes (e.g.Establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators.Changing default content of authenticators before information system installation.Establishing and implementing administrative procedures for initial authenticator distribution, for lost/compromised or damaged authenticators, and for revoking authenticators.
Ensuring that authenticators have sufficient strength of mechanism for their intended use.Establishing initial authenticator content for authenticators defined by the organization.Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, or device receiving the authenticator.The District agencies must manage information system authenticators by: Individual authenticators including passwords, tokens, biometrics, PKI certificates, and key cards must be properly secured with the establishment of a secured log-on process to minimize the risk of unauthorized access. The District agencies must have Information system authentication requirements that are developed and properly managed. Disabling the identifier after 6 months of inactivity.Preventing reuse of identifiers for 7 years.Assigning the identifier to the intended individual, group, role, or device.Selecting an identifier that identifies an individual, group, role, or device.Receiving authorization from District workforce member’s supervisor and agency management to assign an individual, group, role, or device identifier.The Districts agencies must manage information system identifiers by: The District agencies will enforce the information system implements multi-factor authentication for network access to non-privileged accounts. Identification And Authentication |Multifactor Authentication To Non-Privileged Accounts Identification and Authentication |Multifactor Authentication To Privileged AccountsĪll District agencies' information systems must implement multifactor authentication for network access to privileged accounts.Ĥ.3. The District agencies must ensure that organizational users or processes acting on behalf of organizational users are uniquely identified and authenticated before they are granted access (Local, Network or Remote) to the District information systems organizational users (or processes acting on behalf of organizational users).Ĥ.2.
![2 factor authentication security policy template 2 factor authentication security policy template](https://templatelab.com/wp-content/uploads/2018/05/Security-Policy-11.jpg)
Identification and Authentication (Organizational Users) The District agencies shall develop respective Identification and Authentication procedures in support of this policy based on the requirements defined below:Ĥ.1. The District information systems must be configured to uniquely identify and authenticate all District Workforce members with access to such systems. In addition, this policy applies to any providers and third-party entities with access to District information, networks, and applications.
![2 factor authentication security policy template 2 factor authentication security policy template](https://www.stickypassword.com/pictures/FAQ/resources/159/en/2-faq-2fa-protecting-your-data-with-two-factor-authentication-step2-enable-2fa-en.png)
This policy applies to all District workforce members responsible for application identity and role definition on behalf of the District, and/or any District agency/District/entity who receive enterprise services from OCTO.
#2 factor authentication security policy template code#
AuthorityĭC Official Code § 1-1401 et seq., provides the Office of the Chief Technology Officer (“OCTO”) with the authority to provide information technology (IT) services, write and enforce IT policies, and secure the network and IT systems for the District. To establish the requirements for the identification and authentication of users, processes, or devices accessing the District of Columbia Government’s (“District”) information system, and make sure that the security and integrity of the District data and information system are protected.