New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.21 - USER PASSWORD MANAGEMENT

Universal Citation: 1 NM Admin Code 1.12.20.21

Current through Register Vol. 35, No. 18, September 24, 2024

Password protocols shall be developed consistent with state standards and implemented to ensure all authorized individuals accessing agency resources follow 1.12.11 NMAC Enterprise Architecture. Such password protocols shall be mandated by automated system controls whenever possible. Password protocols should include, but not be limited to:

A. compliance with 1.12.11.16 NMAC (Security Password rule);

B. prohibiting the storage of passwords in clear text;

C. prohibiting the use of passwords that could be easily guessed or subject to disclosure through a dictionary attack;

D. direction for keeping passwords confidential;

E. prohibiting any and all password sharing;

F. directing users to change passwords at regular intervals;

G. direction for changing temporary passwords at the first logon;

H. enforcing the implementation standard password formats to include a mix of alphabetic, numeric, special, and upper/lower case characters;

I. automated logon processes which must be approved by agency CIO;

J. implementing state password standards and protocols on agency computing resources; and

K. verifying proper enforcement of password management by the agency during an annual independent risk assessment.

Disclaimer: These regulations may not be the most recent version. New Mexico may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.