Upload
stephanie-wilcox
View
13
Download
1
Embed Size (px)
DESCRIPTION
data
Citation preview
NIIT Technologies Ltd
Admin Password Management Process
QMS-P002QMS-P002
Holcim Services (SouthHolcim Services (South Asia) Ltd.Asia) Ltd.
28 Dec 10
Admin Password Management Process Version 1.0 Page 1 of 6
NIIT Technologies Ltd
Document ControlDocument Control
1. Document InformationDocument Name
Admin Password Management Policy
Classification Internal use onlyAuthor Sandeep DeshpandeOwner NTL IT Operations ManagerOnline ReferenceStatus DraftFile Name & Path
\\10.235.0.155\HSSA_Support\NTL Infrastructure\Private\Quality\ Password Management Policy.doc
Created on 28th December 10Release onValid FromRe-validation DatePrinted on
RevisionVersion Revision Date Revision Description Author Sign-offDraft 28th Dec 10 Initial Version Sandeep
ApprovalRole Name Signature Date
Distribution ListRole Name Signature Date
HSSA Head IT infrastructure Govindamani
OpCos SPOC – ACC – ACL
– ACCCL – HSSA
Vinod Kumar,Sainath Iyer,Rajan PachchigarRajesh Lunawat
OpCos Location Head All SitesNTL Regional Coordinators
North/East/South & West. Gujrat for ACL. Thane/Churchgate
Other NTL Staff All Sites
Admin Password Management Process Version 1.0 Page 2 of 6
NIIT Technologies Ltd
INDEX
Admin Password Management Policy.....................................................................11. Document Information.....................................................................................22. Overview..........................................................................................................43. Scope................................................................................................................44. Owner..............................................................................................................45. Review of Procedure........................................................................................46. Admin Password Process controls...................................................................4
6.1. Admin Password Security and Account Verification...............................46.2. Additional Controls...................................................................................46.3. Confidentiality..........................................................................................56.4. Admin Password Administration..............................................................5
7. Process.............................................................................................................57.1. Procedure guideline for implementing Password policy.............................57.2. Operational Routine.....................................................................................58. Responsible......................................................................................................59. Glossary of Abbreviations...............................................................................610. Template for password storage....................................................................6
Admin Password Management Process Version 1.0 Page 3 of 6
NIIT Technologies Ltd
2. OverviewThe purpose of Admin Password Management Policy is to ensure administrator passwords are properly used to verify/authenticate the identity of a user, the first line of defence for access into IT Infrastructure. Also to ensure that built in administrator ID is used only for administration purpose by administrator. The password is also available with HSSA management which can be used in case of emergency.
3. ScopeThis policy is applicable to HSSA head office where administrator ID is maintained and used by administrators for Active directory, Lotus Notes, Anti-virus, Altiris software.
4. OwnerHSSA ITSM and NTL operations manager will be responsible for making changes to the process.
5. Review of ProcedureThis procedure will be reviewed for its issuance, maintenance and distribution. Yearly review of this procedure is essential to ensure that the procedure remain relevant.
6. Admin Password Process controls
6.1.Admin Password Security and Account VerificationChecking new passwords: password should not accept passwords found in
dictionary and is not a name or simple common word.Plausibility Test for password: Passwords should be constructed using a
mixture of different characters. This makes the guessing of passwords very difficult.
All admin User account passwords shall consist of a minimum length of 8 characters.
Days to password change password is Maximum is 180 days.
6.2.Additional ControlsDelay after Incorrect Login Attempts – In case user provides wrong
passwords for 3 times it provides delay in the login.Login details – It records following for login recordsRecords failed login attemptsRecord successful login attemptsInterpretation of Ctrl + Alt + Del is Ignore Privileged User login IDs and password will be with domain Team Leads
Admin Password Management Process Version 1.0 Page 4 of 6
NIIT Technologies Ltd
6.3.Confidentiality
Passwords will not be scribbled anywhere other than the Password Envelope.
Sharing of password is strictly prohibited.
6.4.Admin Password AdministrationChange Management needs to be followed for changing the passwords for administrator users by filling up Change request Form. One printed copy of passwords should be kept with HSSA SM & OP head.
7. Process
7.1. Procedure guideline for implementing Password policyAll administrators and their workforces shall follow password policy, keep all passwords secure, and keep passwords confidential.
Parameters ValuePassword History 5
Maximum Password Age 180 DaysPassword Must meet complexity Requirements EnabledMin Password length 8 chars
7.2.Operational Routine
Activity Schedule Task Responsibility Outcome
Admin ID maintenance
180 days. Cycle: Jan-July
Change of admin password for AD,LN,AV,Altiris
IT Operations TeamChanged list of admin ID is handed over to Head SM & OP
All admin ID passwords should be changed according to operational Routine and whenever the change request is raised. The printed copy to be handed over to SM & OP head HSSA in sealed envelope.
8. ResponsibleFollowing persons from NTL will be responsible for implementing and maintaining this process.
Area ResponsibleActive Directory System Team MemberLotus notes System Team MemberAnti-virus System Team MemberAltiris System Team Member
Admin Password Management Process Version 1.0 Page 5 of 6
NIIT Technologies Ltd
9. Glossary of AbbreviationsSr. Abbreviation Description1. IT Information Technology2. AV Anti Virus3. HSSA Holcim Services (South Asia) Ltd.4. ACC ACC Limited5. ACCCL ACC Concrete Limited6. ACL Ambuja Cements Limited7. NTL NIIT Technologies Ltd.8. OpCo Operating Company9. ITSM Information Technology Service Management
10. Template for password storage
Following template should be used while handing over password to HSSA SM & OP head. The envelope should be sealed while giving this document.
Admin Password Management Process Version 1.0 Page 6 of 6