Users are responsible for creating and protecting passwords that grant them access to resources. Passwords cannot be shared, displayed in plain view, or stored in computers. Passwords used to access systems must meet password length, complexity, and longevity requirements. All passwords must be a minimum of 14 characters long, and must contain at least one of each of the following:

​

Users are responsible for ensuring that other users are assigned roles appropriately. Only the level of access required to perform authorized tasks may be approved, following the concept of “least privilege”. Users should not use shared accounts under any circumstances. Accounts must be disabled and/or deleted in a timely manner following employment termination, according to a documented employee termination process. System administrators are responsible for modifying and/or removing the accounts of individuals that change roles with the Company or are separated from their relationship with the Company.