Finding 10 Network, application, and database account and password controls were not sufficient to properly protect critical resources, as they did not meet minimum thresholds in accordance with recognized best practices. Analysis
Network, application, and database account and password controls were not sufficient to properly protect critical resources. The account and password controls over network authentication and the student information and financial management system applications and databases did not meet certain minimum thresholds, as identified in best practices prescribed by the State of Maryland
Information Security Policy.
For example, network authentication password controls were deficient with respect to password length, complexity, maximum age, and history. A similar condition related to network authentication and application password controls was commented upon in our preceding audit report.
Dedicated to improving responsiveness and performance of Montgomery County Public Schools
Pages
▼
Wednesday, May 25, 2016
The account and password controls over network authentication and the student information and financial management system applications and databases did not meet certain minimum thresholds
From the 2016 Maryland State Office of Legislative Services audit of MCPS:
Don't they train the technicians before they let them loose to wreak havoc?
ReplyDelete