[CESG] [Secretariat] CWE password management

Oliver, Brian (HQ-CG000)[Arctic Slope Technical Services, Inc.] brian.oliver at nasa.gov
Thu Oct 5 14:23:02 UTC 2017


Passwords have to be changed every 60 days, not every month (or 30 days).

Also, the current security requirements have been put in place contractually at the NASA HQ level.


Brian Oliver
CCSDS IT Tech Support
mailto:brian.oliver at nasa.gov
937-985-4445 (Voice and SMS)

On Oct 5, 2017, at 10:01 AM, Mario.Merri at esa.int<mailto:Mario.Merri at esa.int> wrote:

Hi Nestor,

could we include the topic of CWE password management to the agenda of the next CESG mtg?


----- Forwarded by Mario Merri/esoc/ESA on 05/10/2017 16:00 -----

From:        Sam Cooper <sam at brightascension.com<mailto:sam at brightascension.com>>
To:        Mario Merri <Mario.Merri at esa.int<mailto:Mario.Merri at esa.int>>
Cc:        Nestor Peccia <Nestor.Peccia at esa.int<mailto:Nestor.Peccia at esa.int>>, Dan Smith <danford.s.smith at nasa.gov<mailto:danford.s.smith at nasa.gov>>, Brigitte Behal <Brigitte.Behal at cnes.fr<mailto:Brigitte.Behal at cnes.fr>>
Date:        02/10/2017 14:42
Subject:        Request for our AD

Can I make a request that we, as CCSDS, tone down the security requirements of CWE please!

It's a little crazy that we have to change the password EVERY month, and then it has to:

  *   The password must be at least 12 characters.
  *   The password must contain at least 3 of the following:
     *   Uppercase character
     *   Lowercase character
     *   Numeric (0-9) character
     *   Special character (eg. $,#,@)
  *   The password must not contain your username.
  *   Used passwords are recorded. The password must not have been used within the past 24 times.

We are protecting draft specifications not a nuclear power station!


This message and any attachments are intended for the use of the addressee or addressees only.
The unauthorised disclosure, use, dissemination or copying (either in whole or in part) of its
content is not permitted.
If you received this message in error, please notify the sender and delete it from your system.
Emails can be altered and their integrity cannot be guaranteed by the sender.

Please consider the environment before printing this email.

CESG mailing list
CESG at mailman.ccsds.org<mailto:CESG at mailman.ccsds.org>
Secretariat mailing list
Secretariat at mailman.ccsds.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/cesg/attachments/20171005/a095ff33/attachment.html>

More information about the CESG mailing list