Documentation
HECVAT-onprem-v3.0.5
Authentication, Authorization, and Accounting
OPAA-01

Question OPAA-01

Can you enforce password/passphrase aging requirements for administrative and/or system accounts?

Weight15
High RiskNo
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe plans to support password/passphrase aging requirements.

Answering "YES"

Describe how aging requirements are implemented in the product.

Reason for Question

This question is primarily focused on account management capabilities that are built into a system. Although aging is not always required, a system that lacks commodity functionality may be lacking in other areas as well. Use the vendor's response to this question as a way to pivot to other questions, as needed.

Follow-Up Inquiries

The value of this question depends on your institution's policy on passwords, its use of 2FA, or any number of factors. Follow-ups for this question are unique to the institution.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]