Passwords

Layout for printing
Policy Number:
UW-514
Responsible Office:
Division of Information Technology (DoIT)

University Policy

Rationale/​Purpose:

UW–Madison’s network and information systems provide the technical foundation for the conduct of its academic, research, and administrative missions. Providing this open access to information technology is imperative to ensuring academic freedom at the institution. An important part of providing this network access is ensuring that the network and associated information are secure.

The purpose of this policy is to provide guidance to faculty, staff, students, and other authorized users regarding passwords in order to protect individual and university information and resources. Adherence to this policy will help ensure that the university network and information systems are secure and available to all.

Scope:

Applies to anyone who connects devices or systems to a UW–Madision network by any means.

Policy:

  1. Policy 

    1. Devices and systems connected to the UW–Madison network must require passwords meeting the minimum standards set by the Office of the Chief Information Officer and, if possible, technically enforce them.
    2. Faculty, staff, and students must adhere to the minimum password standards for all systems and applications that come into contact with university resources.
    3. Systems That Can't Comply with Minimum Standards: If the minimum standards cannot be met, the system must be protected by other means, such as a dedicated firewall, limited network access, or multi-factor authentication.

  2. Enforcement

    1. The university reserves the right to:
      1. Suspend access to preserve the confidentiality, integrity, and availability of the network, systems, or information.
      2. Periodically audit passwords for compliance.
      3. Pursue disciplinary action because of noncompliance.



Related UW–Madison Documents, Web Pages, or Other Resources:

Policy Administration

Approval Authority:
Chief Information Officer & Vice Provost for Information Technology
Policy Manager:
Assistant Director, Cybersecurity Program and Business Services
Contact:
IT Policy Writer and Analyst, Office of CyberSecurity; IT Policy Website Link -- Sara Tate-Pederson, itpolicy@cio.wisc.edu, (608) 263-5370
Effective Date:
02-17-2006
Revised Dates:

02-17-2006

Reviewed Dates:

06/01/2018

Retrieved:
09-27-2022 02:32:08