NPS Digest: NPS Gateway for Partners, Friends and Alumni
National Park Service National Park Service Arrowhead U.S. Department of the Interior NPS Digest: NPS Gateway for Partners, Friends and Alumni
Daily Headlines
Daily Headlines
Home
NPS News
In the Press
Katrina
Incidents
Fire News
People News
Jobs
Training
Events Calendar
InfoZone
About the NPS
Addresses
Information Resources
DOI Information Quality Guidelines
Opportunities
Park Information
Permits
Programs/Initiatives
Reports
Morning Report
ParkTips
NLC Journal

 New Password Policy Goes Into Effect On Friday

[Printer-friendly text version]

On November 6th, the NPS network/active directory password policy will change to 12 character passwords.

There are over 20,000 computers used throughout NPS to access files from other bureaus or departments, connect to the internet, or retrieve email on a daily basis. These computers can contain valuable government information, exactly the type of information external sources are trying to retrieve. There isn’t a day that goes by in which a computer system within the U.S. government is not the subject of malicious attacks from external sources that try to cause some harm on those systems.

National Park Service network security team detects hundreds of attempts a day to penetrate our network and the numbers are increasing. Although the NPS has a strong first line of defense to counter these attacks, having another layer of prevention enhances the NPS security footprint. It starts by ensuring NPS users log into their computers in a more secure and safe manner.

There has been a change in the way that active directory password policy is being enforced. The Office of Management and Budget has mandated FDCC security settings (federal desktop core configuration), developed by the National Institute of Standards and Technology. One of the items in the FDCC mandate is the strengthening of passwords as a measure to decrease vulnerability due to increasing security risks from external sources. In response to the threat of these external efforts, the Department of Interior has asked all bureaus to comply with the FDCC mandate to implement a 12 character password. The OCIO realizes this change is sudden and might be difficult for some, but we hope you understand this is enhancing security on our systems throughout NPS.

The Office of the Chief Information Officer will be instituting this password policy change, which will affect all NPS users, on November 6th. It will go into effect the next time your password expires. The new password requirements are as follows:

  • All passwords must be 12 characters long
  • All passwords must contain a mix of at least three characters from the following categories: uppercase, lowercase, numeric and special (non-alphanumeric i.e, # ! &)
  • All passwords must be changed every 60 days

These changes will apply to all NPS employees, contractors and volunteers.

If you have any questions or concerns, please contact your local IT staff specialist.

Contact Information
Name: Stephen Benton, Program Manager, Network Management Division

National Park Service | Department of the Interior | FirstGov