Statement

WTAMU manages information system authenticators by defining initial authenticator content; establishing administrative procedures for initial authenticator distribution, for lost/compromised, or damaged authenticators, and for revoking authenticators; and changing default authenticators upon information system installation. Authenticators include passwords, cryptographic devices, biometrics, certificates, one-time password devices, and ID badges.

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

Management of information system authenticators shall include:

• Authenticators shall be treated as confidential information.
• If an authenticator has been confirmed as compromised, the event shall be reported as a security incident.
• Forgotten or lost authenticators shall be replaced with a new authenticator.
• If a user requests an authenticator change, the identity of the user must be verified before the authenticator is changed.