Status: Live
The organization will report on the percentage of active user passwords that are set to expire in accordance with policy. [UCF ID 02087]
Metric guidance
Calculation: The calculation for this metric is # of active user passwords that are set to expire in accordance with policy / # of active user passwords.
Calculation source: No authority document source of information exists. The following formula was used: the number of passwords that have been set to expire according to the policies, standards, and procedures divided by the total number of active passwords for each business unit (or the organization as a whole) .
The Common Control IDs associated with this metric are as follows:
- • Change user passwords on a regular basis [UCF Control ID 00520]
• Set account expiration parameters on active accounts [UCF Control ID 01580]
• Set maximum password age [UCF Control ID 01704]
Supporting and supported controls
This control directly supports:
- • Establish and maintain an user identification and authentication metrics program [UCF Control ID 02073]
There are no supporting controls.
Authority documents complied with:
CISWG Information Security Program Elements, January 10,2005, ISPE18.3
US Federal Security Guidance
The organization must measure and report on the percentage of active user passwords that are set to expire in accordance with policy. [ISPE18.3, CISWG Information Security Program Elements, January 10,2005]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.