Oregon Administrative Rules
Chapter 291 - DEPARTMENT OF CORRECTIONS
Division 5 - NETWORK INFORMATION SYSTEM ACCESS AND SECURITY
Section 291-005-0055 - User Password Management and Responsibilities

Universal Citation: OR Admin Rules 291-005-0055

Current through Register Vol. 63, No. 9, September 1, 2024

(1) Authorized users shall comply with the following rules to create and manage their passwords:

(a) All user accounts shall be protected by use of a password. This password shall be generated by and known only to the individual user.

(b) The Department of Corrections ISO shall determine password characteristics.

(2) Password Duration: All user passwords shall be subject to automatic retirement at a maximum set time period in the standards and guidelines. Authorized users may change passwords as often as they wish during this period and are encouraged to do so.

(3) Password Violation: Violation of these rules is a disciplinary matter with consequences up to and including dismissal.

(4) A user account shall be automatically disabled when there have been more than five consecutive invalid logon attempts by a user during a 120-minute time period.

(5) The Department of Corrections ISO or designee may re-enable a disabled password.

Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075

Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075

Disclaimer: These regulations may not be the most recent version. Oregon may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.