Cyber & IT Supervisory Forum - November 2023
Internal Use Only
Example Risk Acceptance/Mitigation Plans
Risk Mitigation Strategy/Additional Controls needed
Comments/Results
Status
1. Update Network users to minimum password length of 12
   a. Update Network Password parameters
   b. Send out communication to all network users that on next password change, the minimum length will now be 12 characters
   Etc.
   Responsible Individual(s):

We will identify any remaining application systems that contain sensitive data and determine the feasibility of adding this process to those applications.
Etc.
Responsible Individual(s):
We recommend increasing password minimum length on the Active Directory network and Spectrum core application to 10-12 characters for general user accounts, and at least 15 characters for privileged accounts such as administrators.
Verified
This process is followed for most application systems, but not all. Implement for any remaining application systems that contain access to sensitive data.
Open
Key Overall Risk Assessment Concepts
Unwritten vs. internally developed vs. purchased
How often are updates made to the assessment?