T5.2.3 - P1 - USER SECURITY CREDENTIALS MANAGEMENT
The process should include the following requirements:
A. Users should be required to sign a statement to keep personal security credentials confidential and to keep group security credentials solely within the members of the group; this signed statement could be included in the terms and conditions of employment
B. When users are required to maintain their own security credentials, they should be provided initially with secure temporary security credentials, which they are forced to change immediately
C. Establish procedures to verify the identity of a user prior to providing new, replacement or temporary security credentials
D. Temporary security credentials should be given to users in a secure manner; the use of external parties or unprotected (clear text) electronic mail messages should be avoided
E. Temporary security credentials should be unique to an individual and should not be guessable
F. Users should acknowledge receipt of security credentials
G. Default vendor security credentials should be altered following installation of systems or software.