Users and Security Requirements

Each site's security administrator ensures that users are trained in security procedures. The security administrator needs to communicate the following rules to new employees and remind existing employees of these rules on a regular basis:

  • Do not tell anyone your password.

    Anyone who knows your password can access the same information that you can without being identified and therefore without being accountable.

  • Do not write your password down or include it in an email message.

  • Choose passwords that are hard to guess.

  • Do not send your password to anyone by email.

  • Do not leave your computer unattended without locking the screen or logging off.

  • Do not leave your laptop or other mobile devices unattended in an insecure location.

  • Remember that administrators do not rely on email to send instructions to users. Never follow emailed instructions from an administrator without first double-checking with the administrator.

    Be aware that sender information in email can be forged.

  • Because you are responsible for the access permissions on files and directories that you create, make sure that the permissions on your files and directories are set appropriately. Do not allow unauthorized users to read a file, to change a file, to list the contents of a directory, or to add to a directory.

Your site might provide additional suggestions.
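One way for a user to check the file-permission rule above, as an added example that is not part of the original documentation. The function names are hypothetical, and the script assumes that "unauthorized users" means everyone in the "other" permission class. It inspects only the classic permission bits, not ACLs.

```shell
#!/bin/sh
# Added example: flag entries whose permission bits let the "other" class
# do one of the four things the rule names. Assumption: every account outside
# the owner and the file's group counts as unauthorized. ACLs are not examined.

# audit_perms DIR: print one "finding<TAB>path" line per problem found.
audit_perms() {
    dir=$1
    # Other users can read the file (other read bit set).
    find "$dir" -type f -perm -004 -exec printf 'read-file\t%s\n' {} \;
    # Other users can change the file (other write bit set).
    find "$dir" -type f -perm -002 -exec printf 'change-file\t%s\n' {} \;
    # Other users can list the directory's contents (other read bit set).
    find "$dir" -type d -perm -004 -exec printf 'list-dir\t%s\n' {} \;
    # Other users can add entries to the directory (other write bit set).
    find "$dir" -type d -perm -002 -exec printf 'add-to-dir\t%s\n' {} \;
}

# count_findings DIR: number of findings, for use in scripted checks.
count_findings() {
    audit_perms "$1" | wc -l | tr -d ' '
}

# tighten_perms DIR: one possible fix, removing all access for "other".
tighten_perms() {
    chmod -R o-rwx "$1"
}
```

Running `audit_perms "$HOME"` lists what to review; a file that is both readable and writable by others appears twice, once per finding.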