Wednesday, May 25, 2016

The account and password controls over network authentication and the student information and financial management system applications and databases did not meet certain minimum thresholds

From the 2016 Maryland State Office of Legislative Services audit of MCPS

Finding 10 Network, application, and database account and password controls were not sufficient to properly protect critical resources, as they did not meet minimum thresholds in accordance with recognized best practices. Analysis
Network, application, and database account and password controls were not sufficient to properly protect critical resources. The account and password controls over network authentication and the student information and financial management system applications and databases did not meet certain minimum thresholds, as identified in best practices prescribed by the State of Maryland
Information Security Policy.
For example, network authentication password controls were deficient with respect to password length, complexity, maximum age, and history. A similar condition related to network authentication and application password controls was commented upon in our preceding audit report.

1 comment:

  1. Don't they train the technicians before they let them loose to wreak havoc?

    ReplyDelete

If your comment does not appear in 24 hours, please send your comment directly to our e-mail address:
parentscoalitionmc AT outlook.com