Emergency Services:  Password Administration Review



                                                    HIGHLIGHTS

               We documented and observed the following highlights and best practices established by
               Emergency Services:

                   •  Password Complexity - By requiring password complexity, Emergency Services
                       Technical Support has established a global policy that requires users to have at least a
                       combination of characters such as special characters, numbers, upper-case and lower-case
                       letters.  In addition, Emergency Services maintains a 12-password history that does not
                       allow reuse of passwords.
                   •  Training and Communication - Orientation training is conducted on an as-needed basis.
                       Information Services and Emergency Services Technical Support presents new
                       employees training on how to set their password including do’s and don’ts around
                       password security and other phishing avoidance.  Information Services also provides
                       monthly newsletters, communication to key associates and security materials and
                       announcements through Guilford County’s SharePoint application.
                   •  Active Directory Report – Emergency Services Technical Support has implemented a
                       dashboard that displays data including: enterprise administrators, domain administrators,
                       users with upcoming password expiration, users who have not logged in within 30 days,
                       Group Policy Objects (GPOs), all groups, all users and computers.


































                                                                                                            6