New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.21 - USER PASSWORD MANAGEMENT
Current through Register Vol. 35, No. 18, September 24, 2024
Password protocols shall be developed consistent with state standards and implemented to ensure all authorized individuals accessing agency resources follow 1.12.11 NMAC Enterprise Architecture. Such password protocols shall be mandated by automated system controls whenever possible. Password protocols should include, but not be limited to:
A. compliance with 1.12.11.16 NMAC (Security Password rule);
B. prohibiting the storage of passwords in clear text;
C. prohibiting the use of passwords that could be easily guessed or subject to disclosure through a dictionary attack;
D. direction for keeping passwords confidential;
E. prohibiting any and all password sharing;
F. directing users to change passwords at regular intervals;
G. direction for changing temporary passwords at the first logon;
H. enforcing the implementation of standard password formats to include a mix of alphabetic, numeric, special, and upper/lower case characters;
I. automated logon processes which must be approved by agency CIO;
J. implementing state password standards and protocols on agency computing resources; and
K. verifying proper enforcement of password management by the agency during an annual independent risk assessment.