Web Applications Security Policy
Effective: March 14, 2001
This policy is intended to define the
required Web applications security access controls to be used by anyone having
access to the Web application. It is provided to communicate the requirements
regarding the use of Web applications security controls and to protect the
privacy of users and data. It may also be used as an audit to monitor user
access to information resources while ensuring that only authorized users have
access to certain application features and data.
This Policy is applicable to all users of the applications.
All users of the applications must adhere to this Policy at all times.
The System Administrator(s) will be responsible for adding,
changing and terminating users as required and in accordance with established
procedures. Additionally, periodic audits will be performed by the System
Administrators to verify the status of all users.
Users shall not knowingly access the Web application without authorization.
Users, having accessed a Web application with authorization, shall not use the
opportunity such access provides for unauthorized purposes.
IDs will be automatically disabled after three unsuccessful logon
Users shall not leave unattended a PC with an open Web application, thereby
allowing unauthorized persons to gain access.
Users shall not access, modify, duplicate, destroy or disclose any information
or software accessed through the Web application unless so authorized.
Users shall select passwords as follows:
Passwords must be a minimum of six (6) characters in length
and in the range of a-z, 0-9, $, #, or @.
Users shall avoid using obvious names or information in
passwords. In particular, the following should be avoided:
Security number/license number
such as “Systems”, “Test”, “Demo”
Users shall not share their password with anyone else.
Users shall not share their logon session with anyone else.
selecting a password, Users are responsible for:
Exercising caution in the use of passwords. Passwords are
designated as confidential and, as such, shall not be:
Disclosed to others.
Written down unless stored in a secure location.
Displayed anywhere that might allow others to copy or
Changing password(s) immediately if compromised or User is
aware of potential compromise.
Users shall notify their system administrator immediately of any known or suspected
violations of the above conditions and responsibilities.
Failure to comply with this policy may allow unauthorized
access to the Web applications. Allowing unauthorized access can result in
changes to data and to the applications. Violations of the Policy will result
in revocation of access to the Web applications.