Password Management

Integrity Services is offering a password management system that includes
password aging. The package enforces password aging for MARC users
as well as CANDE users. Packages that do not address both MCSs have
a severe hole in them.

This package also addresses the issue of usercode passwords and accesscode
passwords. Where there is any sharing of usercodes and files under
the same usercode, accesscodes are necessary to ensure security.
If password aging is desirable or mandated by auditors, then it
must include accesscode passwords. If you have attempted to find
such a product, you probably have been unsuccessful until now.

Password Aging From Integrity Services

In this day of more sophisticated security enforcement and those who
desire to break security systems, password aging is becoming more
desirable. Many auditors are making it mandatory for their computer
systems. This feature is now affordable and installation is flexible,
easy, and maintainable.

What exactly is password aging? It is the ability of a computer system to
let passwords age to the point where usercodes are prevented from use if
the password is not changed. In other words, once a usercode's password
has exceeded a pre-determined number of days, it must be changed or no
one will be able to use it. When the password is changed, the usercode is
made usable for the specified number of days.

The password management system from Integrity Services has been expanded
to include passwords for usercodes and passwords for accesscodes.
Accesscodes are the only convenient way to share usercodes on the
ClearPath and A Series computers and retain individual identity
for each and every log-on. In addition, the password management
system will give warnings to users a specified number of days before
the password will expire, allowing one to work without stoppage
when the password expires.
The
Integrity Services password management system will operate with
COMS (MARC) or CANDE. In fact, it is the only password management
system that I know of that will operate with COMS (MARC) and CANDE
for passwords of both usercodes and accesscodes. Usercode and accesscode
information is maintained in the userdatafile along with the other
security attributes. Extensions have been made to the userdatafile
to allow accesscode attributes. A security support library is at
the center of the password management system. This is the standard
Unisys mechanism for extended security on NX and A Series computers.
By using the standard security support library, there is an interface
for other MCSs.

Additionally, the Integrity Services password management system allows for a minimum
password length and limited password re-use. It uses a COMS processing
item and a new MARC menu for user password changes.

You may question why both MARC and CANDE log-ons must be protected with
password management. It is because once a person has logged on to
MARC, that is not the end of log-on possibilities. This same user
may go to the CANDE window and change usercodes. It is this changing
of usercodes that must have password protection to preserve the
integrity of the password management system.

Sentry Support

Sentry Support is a library that may be assigned as the system security
support library. CANDE must be modified to allow the calling sequences
for functions 1-4 below. MARC uses a processing item. There
is also an interface for other MCSs. Secured station (terminal)
restrictions require a security supervisor to function.

Functions Supported:

1. Password aging for usercodes.
   A password for a usercode must be changed within a given time-frame
   designated by DAYSACTIVE or the usercode will be made inactive.
   DAYSWARNING allows a warning message to be given to users (at the
   time that they sign on) a specified number of days before the usercode
   will be made inactive.

2. Password aging for accesscodes.
   A password for an accesscode must be changed within a given time-frame
   designated by ADAYSACTIVE or the accesscode will be made inactive.
   ADAYSWARNING allows a warning message to be given to users (at the
   time that they sign on) a specified number of days before the accesscode
   will be made inactive.

3. Limiting password re-use for a specified number of changes.
   A password may not be re-used when a password change is attempted.
   The default number is 8.

4. Minimum password length is enforced for password changes.
   A minimum character length for a password may be enforced.

5. Secured station (terminal) restricted use.
   Only designated usercodes may be permitted to use stations (terminals)
   specified in a database (list) for specific timeframes of the day.
   All other usercodes will be denied access to these terminals. These
   designated usercodes will also be denied access at other times of
   the day. The database of stations may be changed by time-of-day.
   The designated usercodes may be changed by time-of-day.

Note 1: For options 1-5, userdatafile additions must be made to the
generalsupport library.

Note 2: For option 5, System/Supervisor from Integrity Services is required.
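
The aging, warning, re-use and minimum-length rules of functions 1-4, sketched as an added Python example; it is not Integrity Services' code or the Sentry Support interface. The class and function names, the PBKDF2 storage of old passwords and the exact expiry boundary are assumptions; DAYSACTIVE, DAYSWARNING, their accesscode counterparts and the re-use default of 8 come from the page.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import date

@dataclass
class AgingPolicy:        # hypothetical container, not the userdatafile layout
    days_active: int      # DAYSACTIVE (usercode) or ADAYSACTIVE (accesscode)
    days_warning: int     # DAYSWARNING or ADAYSWARNING
    min_length: int       # site-chosen; the page states no default
    reuse_limit: int = 8  # default number of changes given on the page

@dataclass
class Credential:         # one usercode or accesscode password record
    changed_on: date
    history: list = field(default_factory=list)  # (salt, digest), newest last

def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: old passwords are kept only as salted PBKDF2 digests.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def signon_status(cred, policy, today):
    """Evaluate aging at sign-on: OK, WARNING or INACTIVE."""
    age = (today - cred.changed_on).days
    if age > policy.days_active:   # assumption: inactive once the limit is exceeded
        return "INACTIVE"
    left = policy.days_active - age
    if left <= policy.days_warning:
        return f"WARNING: {left} day(s) until inactive"
    return "OK"

def change_password(cred, policy, new_password, today):
    """Apply minimum length and the re-use limit, then restart the aging clock."""
    if len(new_password) < policy.min_length:
        return "REJECTED: too short"
    keep = policy.reuse_limit
    recent = cred.history[-keep:] if keep else []
    for salt, digest in recent:
        if hmac.compare_digest(_digest(new_password, salt), digest):
            return "REJECTED: re-used"
    salt = os.urandom(16)
    entry = (salt, _digest(new_password, salt))
    cred.history = (recent + [entry])[-keep:] if keep else []  # keep last N only
    cred.changed_on = today
    return "CHANGED"
```

The same two functions serve a usercode and an accesscode; only the policy values passed in differ.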