Part of Data Security Standard 9 - IT protection
Password strength, remote locations and managed estates (9.1.1 - 9.1.2)
Password strength
Default passwords should always be changed. This is particularly true of network components. When setting a password you should consider:
- not using a single word
- thinking random
- thinking multiple (3 random passwords technique)
- not using or containing a common password
Remote locations
Where your organisation has remote locations, it will generally fall into one of these categories:
- scenario a: your organisation manages the whole remote site network infrastructure
- scenario b: another organisation (such as the main organisation at the remote site) manages the network infrastructure
For scenario a, you are responsible for changing the network components' default password.
For scenario b, you will require cooperation from the remote site organisation, and assurance from them that the password change has occurred and that the equipment is covered in their Data Security and Protection Toolkit assessment.
Managed estates
Where your organisation's network infrastructure is managed by another party, you will require a degree of cooperation with your supplier. Generally, it will be expected that your supplier changes the default passwords. The third party would then provide confirmation that this has taken place.
Last edited: 27 September 2022 2:42 pm