help me out

  • From: Dhirendra Kumar <>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Jan 2006 19:01:10 +0530


   How can we set these policies

 1) Cyclical use of password restricted:**
      Privileged users (administrative ids like root, administrator, system,
oracle etc) must never use the same password twice, i.e. their
password must be unique every time. Other users must not repeat any of the
previous 5 passwords. Wherever possible, the system must enforce such
restrictions otherwise it is the user's responsibility to follow this

2) Storage of Critical Passwords**

    Critical passwords (passwords for privileged Ids, generic Ids etc.) must
be stored through Critical Password Control Documents.  Such passwords shall
be recorded in specified forms and stored in two sets of envelopes (on-site
and off-site).  Records shall be maintained of custody, changes in these
passwords and movement of the envelopes.)

3) Secure Conveyance of Passwords**

    Passwords should be conveyed to users in a secure manner. Passwords must
never be disclosed via telephone or through third parties or through
unprotected (clear text) electronic mails. If sent by mail or similar
physical distribution systems, the mailings must have no markings indicating
the nature of the enclosure

Other related posts: