User Name and Password Regulations for SOX 807
-
Hello All, I am new here.
Can anyone please let me know or point me to regulations regarding User Name and Password setup to be SOX compliant. This is for a web application which we intend to build.
Thanks for any replies in advance.
-
No one can help me with guidelines?
-
There are no regulations regarding user names and passwords. Sarbanes-Oxley does not speak about the length of the passwords…
Well, what you must do:
FIRST STEP: Primary Risk Objective
Access requests are appropriate and properly authorized
SECOND STEP: Control Point
* Passwords must be used with a minimum password length of 8 characters.
* Passwords should be difficult to guess
etc. It is easy to find best practices
THIRD STEP: Test of Internal Control
* Ensure all logins have passwords (not default passwords)
* Ensure strong password and account lockout policies are implemented
* Review user privileges on each system
* Review system access permissions to sensitive files
etc.
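The first two tests in the third step can be automated against an application's own account store. The following is an added example, not part of the original post: the PBKDF2 storage scheme, the field names, the default-password list and the sample accounts are all assumptions constructed for illustration.

```python
import hashlib
import hmac

MIN_LENGTH = 8          # minimum length named in the post's control point
ITERATIONS = 100_000    # assumed PBKDF2 work factor; must match the application
# Constructed list of vendor/default passwords to test for.
DEFAULT_PASSWORDS = ["admin", "password", "changeme", "welcome1"]


def hash_password(password: str, salt: bytes) -> bytes:
    """Assumed storage scheme: PBKDF2-HMAC-SHA256 with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def audit(policy: dict, accounts: list) -> list:
    """Return (subject, finding) tuples for the control tests in the post."""
    findings = []
    if policy.get("min_length", 0) < MIN_LENGTH:
        findings.append(("policy", "minimum password length below 8"))
    if not policy.get("lockout_threshold"):
        findings.append(("policy", "account lockout not configured"))
    for acct in accounts:
        if not acct["hash"]:
            findings.append((acct["user"], "login has no password"))
            continue
        for candidate in DEFAULT_PASSWORDS:
            # Constant-time compare of the stored hash with the candidate's hash.
            if hmac.compare_digest(hash_password(candidate, acct["salt"]), acct["hash"]):
                findings.append((acct["user"], "default password in use"))
                break
    return findings


# Constructed sample data (short salts for readability): one account with a
# strong password, one still on a default password, one with no password.
SAMPLE_POLICY = {"min_length": 6, "lockout_threshold": 5}
SAMPLE_ACCOUNTS = [
    {"user": "alice", "salt": b"s1", "hash": hash_password("T7#quartz-Lamp", b"s1")},
    {"user": "svc_report", "salt": b"s2", "hash": hash_password("changeme", b"s2")},
    {"user": "guest", "salt": b"s3", "hash": b""},
]

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_POLICY, SAMPLE_ACCOUNTS):
        print(f"{subject}: {finding}")
```

The findings list doubles as evidence for the control test: an empty list means the checked controls passed for the accounts supplied.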
-
As lekatis says there is no specific requirement on usernames and passwords in SOX.
However, there are some good (non-commercial) sites that can help you with best practice: Tons of other links on those sites as well (particularly the CERIAS one), so happy hunting through a fascinating and complex subject.