[CESG] CWE password management

[Mario.Merri at esa.int]

Hi Nestor,

could we include the topic of CWE password management to the agenda of the 
next CESG mtg?

Thanks

__Mario
----- Forwarded by Mario Merri/esoc/ESA on 05/10/2017 16:00 -----

From:   Sam Cooper <sam at brightascension.com>
To:     Mario Merri <Mario.Merri at esa.int>
Cc:     Nestor Peccia <Nestor.Peccia at esa.int>, Dan Smith 
<danford.s.smith at nasa.gov>, Brigitte Behal <Brigitte.Behal at cnes.fr>
Date:   02/10/2017 14:42
Subject:        Request for our AD



Can I make a request that we, as CCSDS, tone down the security 
requirements of CWE please!

It's a little crazy that we have to change the password EVERY month, and 
then it has to:
The password must be at least 12 characters.
The password must contain at least 3 of the following: 
Uppercase character
Lowercase character
Numeric (0-9) character
Special character (eg. $,#,@)
The password must not contain your username.
Used passwords are recorded. The password must not have been used within 
the past 24 times.
We are protecting draft specifications not a nuclear power station!

Cheers,
Sam





This message and any attachments are intended for the use of the addressee or addressees only.
The unauthorised disclosure, use, dissemination or copying (either in whole or in part) of its
content is not permitted.
If you received this message in error, please notify the sender and delete it from your system.
Emails can be altered and their integrity cannot be guaranteed by the sender.

Please consider the environment before printing this email.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/cesg/attachments/20171005/056282f4/attachment.html>