Saturday, December 18, 2004

Password Management

The next task is to implement procedures for creating, changing, and safeguarding passwords. This is an addressable task. Remember that every user who accesses EPHI must use a unique login name. Every user must also use a secure password. Strong passwords should be used, and passwords should be changed on a regular basis. Passwords should not be shared. Procedures should be in place in case a password breach is detected or suspected.

Windows servers have built-in functions that help with this process. Password expiration and forced strong password usage are examples of the built-in functions.
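One way to confirm that those two built-in controls are actually switched on is to read a security policy export, as in this added example (not part of the original post). The function name `Get-PasswordPolicyFinding` is hypothetical and the sample export is constructed; on a real server the input would come from `secedit /export /cfg secpol.inf /areas SECURITYPOLICY`.

```powershell
# Added example: flag a security policy export that does not enforce
# password expiration or password complexity.
function Get-PasswordPolicyFinding {
    param([string[]]$Lines)

    # Collect "key = number" pairs from the [System Access] section only.
    $section = ''
    $policy  = @{}
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -eq 'System Access' -and $text -match '^(\w+)\s*=\s*(-?\d+)$') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }

    # A missing key is reported rather than assumed to be safe.
    if (-not $policy.ContainsKey('MaximumPasswordAge')) {
        'MaximumPasswordAge is missing from the export'
    } elseif ($policy['MaximumPasswordAge'] -lt 1) {
        # secedit writes -1 when passwords never expire.
        'Password expiration is disabled'
    }

    if (-not $policy.ContainsKey('PasswordComplexity')) {
        'PasswordComplexity is missing from the export'
    } elseif ($policy['PasswordComplexity'] -ne 1) {
        'Strong (complex) passwords are not enforced'
    }
}

# Constructed sample export with both controls turned off.
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MaximumPasswordAge = -1
PasswordComplexity = 0
[Event Audit]
AuditLogonEvents = 0
'@ -split "`r?`n"

Get-PasswordPolicyFinding -Lines $sample

# Against a real export (run secedit from an elevated prompt first):
# Get-PasswordPolicyFinding -Lines (Get-Content .\secpol.inf)
```

No output means both settings are present and enabled in the export.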

Realize that the password is the basic building block of your EPHI security. If you do not have good password policies and procedures, you will fail the most basic compliance test.
