User Name and Password Regulations for SOX 807



  • Hello All, I am new here.
    Can anyone please let me know or point me to regulations regarding User Name and Password setup to be SOX compliant? This is for a web application which we intend to build.
    Thanks for any replies in advance.



  • No one can help me with guidelines?



  • There are no regulations regarding user names and passwords. Sarbanes-Oxley does not speak about the length of the passwords…
    Well, what you must do:
    FIRST STEP: Primary Risk Objective
    Access requests are appropriate and properly authorized
    SECOND STEP: Control Point
    * Passwords must be used with a minimum password length of 8 characters.
    * Passwords should be difficult to guess
    etc. It is easy to find best practices
    THIRD STEP: Test of Internal Control
    * Ensure all logins have passwords (not default passwords)
    * Ensure strong password and account lockout policies are implemented
    * Review user privileges on each system
    * Review system access permissions to sensitive files
    etc.



  • As lekatis says, there is no specific requirement on usernames and passwords in SOX.
    However, there are some good (non-commercial) sites that can help you with best practice:

    Tons of other links on those sites as well (particularly the cerias one) so happy hunting through a fascinating and complex subject 😉

