Skip Top Navigation
Who We Are
Leadership
Financials
Government Relations
Judicial Officer
Legal
Our History
Postal Facts
What We're Doing
Strategic Planning
Current Initiatives
Securing The Mail
Sustainability
Corporate Social Responsibility
Government Services
Postal Customer Council
Service Performance Results
Newsroom
National News
Local News
Testimony & Speeches
Broadcast Downloads
Events Calendar
Photo Gallery
Service Alerts
Careers
Career Opportunities
Working at USPS
How to Apply
Profile Login
Doing Business with Us
Suppliers
Licensing
Rights & Permissions
Auctions
Public Key Infrastructure
Search
Handbook AS-805-I - USPS Information Security Requirements for Suppliers - Contents
2-6
Identification and Authentication
Identification and authentication guidelines are as follows:
Identify system users, processes acting on behalf of users, and devices.
Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational systems.
Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.
Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
Prevent reuse of identifiers for a defined period.
Disable identifiers after a defined period of inactivity.
Enforce a minimum password complexity and change of characters when passwords are created.
Prohibit password reuse for a specified number of generations.
Allow temporary password use for system logons with an immediate change to a permanent password.
Store and transmit only cryptographically protected passwords.
Obscure feedback of authentication information.
