Web Applications Security Policy


Effective:   March 14, 2001





This policy is intended to define the required Web applications security access controls to be used by anyone having access to the Web application. It is provided to communicate the requirements regarding the use of Web applications security controls and to protect the privacy of users and data. It may also be used as an audit to monitor user access to information resources while ensuring that only authorized users have access to certain application features and data.




This Policy is applicable to all users of the applications. All users of the applications must adhere to this Policy at all times.




The System Administrator(s) will be responsible for adding, changing and terminating users as required and in accordance with established procedures. Additionally, periodic audits will be performed by the System Administrators to verify the status of all users.




1.      Passwords must be a minimum of six (6) characters in length and in the range of a-z, 0-9, $, #, or @.

2.      Users shall avoid using obvious names or information in passwords. In particular, the following should be avoided:

1.      Exercising caution in the use of passwords. Passwords are designated as confidential and, as such, shall not be:

o       Disclosed to others.

o       Written down unless stored in a secure location.

o       Displayed anywhere that might allow others to copy or memorize them.

2.      Changing password(s) immediately if compromised or User is aware of potential compromise.




Failure to comply with this policy may allow unauthorized access to the Web applications. Allowing unauthorized access can result in changes to data and to the applications. Violations of the Policy will result in revocation of access to the Web applications.