Policy #: IT0002
Effective Date: 02/11/07
Last Revision Date: 10/4/11
Vice Chancellor, Information Technology
The purpose of this policy is to establish the applicability of, and specific responsibilities relating to, the UCSC Password Strength and Security Standards (Password Standards). This policy applies to all passwords that provide access to UCSC electronic information resources.
The following terms used in this policy are defined in the online Glossary of UCSC IT Policy-Related Terms, available at http://its.ucsc.edu/policies/glossary.html.
III. Detailed Policy Statement: Applicability and Responsibility
System Stewards , in consultation with Subject Matter Experts , where appropriate, are responsible for determining the applicability of the Password Standards to systems or data for which they are responsible based on the above criteria . In situations where it is not clear whether the Password Standards apply to a certain type of data or system, the System Steward shall err on the side of more secure password requirements. System Stewards are also responsible for ensuring implementation and enforcement of the Password Standards where they are applicable. This includes informing users of password requirements.
System Stewards of authentication systems (e.g. systems, such as an identity management system, that allow the same username/password to be used for access to multiple services) are responsible for including in their service definition the minimum level of protection required for passwords provided by their system(s), and for communicating this information to other System Stewards.
All individuals are responsible for following the Password Standards where required. This includes not using passwords that provide access to confidential information with other systems or applications that do not adhere to the Password Standards.
The campus Vice Chancellor, Information Technology on behalf of the Office of the Chancellor and the Office of the Campus Provost and Executive Vice Chancellor (CP/EVC) is the campus authority for the UCSC Password Policy. This policy was initially reviewed and approved by the CP/EVC on 2/11/2007. Next review date is October 2013.
V. Getting Help
For questions or feedback about this policy, contact the ITS Support Center at itrequest.ucsc.edu, email@example.com, 459-HELP, or in person M-F 8AM-5PM, 54 Kerr Hall
VI. Related Policies/References for More Information
Related Legislation and Policies
 See Definitions
 If a System Steward relies on an Authentication System, e.g. an identity management system, it is the responsibility of the System Steward to include password protection requirements of the Authentication System in this assessment.