Cybersecurity

Updated Security Policy Templates Available on The Web

In partnership, the Cybersecurity Risk Foundation (CRF) and SANS have created a library of free cybersecurity policy templates to help organizations quickly define, document, and deploy key cybersecurity policies. To explore the full set of safeguards, risk, and maturity models behind these templates, visit crfsecure.org.

Updated April 15, 2025

For example, the purpose of the Password Construction Standard is to provide best practices for the creation of strong passwords.

This guideline applies to employees, contractors, consultants, temporary and other workers, including all personnel affiliated with third parties. This guideline applies to all passwords including but not limited to user-level accounts, system-level accounts, web accounts, e-mail accounts, screen saver protection, voicemail, and local router logins.

Strong passwords are long: the more characters a password has, the stronger it is. CRF and SANS recommend a minimum of 16 characters in all work-related passwords. In addition, they encourage the use of passphrases, which are passwords made up of multiple words. Examples include "It's time for vacation" or "sunny-is-hoping-to-see-green-leaves-soon". Passphrases are easy to remember and type, yet they meet the strength requirements.

Password cracking or guessing may be performed on a periodic or random basis by the Infosec Team or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it.

Non-compliance with this policy may result in disciplinary action in line with our corporation's human resources procedures. Consequences may range from mandatory refresher training and written warnings to temporary suspension of remote access privileges and, in severe cases, termination of employment or contractual obligations. Individuals could be subject to legal consequences under applicable laws if violations involve illegal activities. These sanctions emphasize the critical importance of cybersecurity, the individual's role in protecting our digital assets, and the potential risks associated with policy violations. Enforcement will be consistent and impartial, with the severity of the action corresponding directly to the seriousness of the breach.