Question OPAA-01
Can you enforce password/passphrase aging requirements for administrative and/or system accounts?
| Weight | 15 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe plans to support password/passphrase aging requirements.
Answering "YES"
Describe how aging requirements are implemented in the product.
Reason for Question
This question is primarily focused on account management capabilities that are built into a system. Although aging is not always required, a system that lacks commodity functionality may be lacking in other areas as well. Use the vendor's response to this question as a way to pivot to other questions, as needed.
Follow-Up Inquiries
The value of this question depends on your institution's policy on passwords, its use of 2FA, or any number of factors. Follow-ups for this question are unique to the institution.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]