Page 9 - Password administration review-Guilford ES
P. 9

Emergency Services:  Password Administration Review



                                       SCHEDULE OF TEST RESULTS


          Test  Test                            Description                                 Result
            #1
                We examined the  Reviewed the Active Directory            Upon reviewing the Active Directory
                 Active Directory   default domain password policy and  default domain password policy, we noted
                 default global     noted the required password           the following password parameters are
                 password policy    parameters for all active users in the  required:
                 for the guilford-  guilford-es.com domain.                   •  Password history: 12
                 es.com Active                                                •  Maximum password age: 180 days
                 Directory forest.   Global Password Policy                   •  Minimum password age: 0 days
                                                                              •  Minimum password length: 8
                                                                                 characters
                                                                              •  Password complexity: The
                                                                                 password complexity is set to
                                                                                 require at least 3 of the following
                                                                                 character types: upper case
                                                                                 characters (A-Z), lower case
                                                                                 characters (a-z), numbers (0-9),
                                                                                 special characters (!, $, %, etc.).


          Test  We examined all     Reviewed all accounts in the          We reviewed all accounts in the guilford-
            #2  accounts in the     guilford-es.com domain and            es.com domain and noted there are a total
                 guilford-es.com    inspected each account name for       of 428 accounts as of 8/1/2019. Upon
                 domain for any     duplicates.                           review, we noted there were no duplicate
                 duplicate                                                account names.
                 accounts.          Duplicate Accounts


          Test  We examined a       Reviewed a sample of 25 users’        We received a listing of terminations for
            #3  sample of 25        termination dates compared to the     fiscal years 2018 and 2019 from Human
                 terminations in    current status in the system along    Resources and noted a total of 47
                 the ES             with the last date of password reset.   terminations during the period. Of those
                 department for                                           47 terminations, we randomly selected a
                 the period of      Terminations                          sample 25 terminations for test purposes.
                 7/1/2018 –                                               Of the 25 examined,
                 7/31/2019 (FY18,                                         •  17 or 68% of the terminated users
                 FY19) to confirm                                             were not present in the current listing
                 the terminations                                             of active users in Active Directory.
                 did not possess                                          •  7 or 28% of the terminated users were
                 access in the                                                found in the current listing of active
                 system.                                                      users in Active Directory. Per inquiry
                                                                              with ES Technical Support
                                                                              Administrators, these individuals were

                                                                                                            8
   4   5   6   7   8   9   10   11