Report levels:
1, 2 : Open to the world; 1 for the website and 2 for dashboards and screens.
The distinction is purely for administration.
5 - 9 : Reports and forms open to any user, e.g. summaries, user queries and policies.
10 - 19 : Active system agents.
20+ : System administration.
Report levels combine with user groups.
Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
Verifiers and CSPs SHOULD accept Unicode [ISO/IEC 10646] characters in passwords. Each Unicode code point SHALL be counted as a single character when evaluating password length.
Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords.
Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
Verifiers and CSPs SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.
Verifiers and CSPs SHALL NOT prompt subscribers to use knowledge-based authentication (KBA) (e.g., “What was the name of your first pet?”) or security questions when choosing passwords.
Verifiers SHALL verify the entire submitted password (i.e., not truncate it).
X Require all passwords to be at least 8 characters in length. This rule needs to be relaxed for federated login.
X Require complex passwords, consisting of both numeric and alphabetic characters.
Require that new passwords cannot be the same as the 4 previously used passwords.
Lock out accounts after not more than 6 invalid logon attempts.
Require that once a user account is locked out it remains locked for 30 minutes or until the System Administrator resets the account.
X Require system/session idle time out of 15 minutes.
Require passwords to be reset at least every 90 days.
Encrypt all passwords during transmission and storage on all system components (e.g. in scripts and databases, connection strings, inside compiled code, etc).
Immediately revoke access for any terminated users.
X Disable user accounts that have been inactive for 90 days.
First-time passwords must be set to a unique value for each user.
First-time passwords must be changed after the first use.
Reset passwords must be set to a unique value for each user.
Reset passwords must be changed after the first use.
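An added example, not part of these notes or of ObjUser.py, that encodes the verifier-side rules above in Python: length counted in Unicode code points with no truncation, no composition rules, a salted-hash check against the previous 4 passwords, and the 6-attempt / 30-minute lockout. The constants, function names and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata
from datetime import datetime, timedelta

# Assumed policy constants, taken from the rules listed above.
MIN_LEN = 8            # SHALL be at least 8 (SHOULD be 15)
MAX_LEN = 64           # SHOULD permit at least 64; longer input is rejected, never truncated
HISTORY = 4            # a new password may not match the 4 previously used ones
MAX_FAILURES = 6       # lock out after not more than 6 invalid logon attempts
LOCKOUT = timedelta(minutes=30)

def hash_password(pw: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2 for storage; the whole normalized password is hashed."""
    salt = salt or os.urandom(16)
    pw = unicodedata.normalize("NFC", pw).encode("utf-8")
    return salt, hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)

def password_errors(pw: str, history: list) -> list:
    """Return the rules a candidate password violates ([] means acceptable).
    No composition rule is applied, as SP 800-63B requires."""
    pw = unicodedata.normalize("NFC", pw)
    n = len(pw)        # code points, not bytes or UTF-16 units
    errors = []
    if n < MIN_LEN:
        errors.append(f"fewer than {MIN_LEN} characters")
    if n > MAX_LEN:
        errors.append(f"more than {MAX_LEN} characters")
    if any(unicodedata.category(c) == "Cc" for c in pw):   # space and Unicode are fine
        errors.append("control characters are not allowed")
    for salt, digest in history[-HISTORY:]:               # (salt, digest) pairs, oldest first
        if hmac.compare_digest(hash_password(pw, salt)[1], digest):
            errors.append(f"matches one of the last {HISTORY} passwords")
            break
    return errors

def failed_attempt(failures: int, locked_until, now: datetime) -> tuple:
    """Update (failures, locked_until) after one invalid logon attempt."""
    if locked_until is not None and now < locked_until:
        return failures, locked_until        # still locked: attempt is not counted
    if locked_until is not None:
        failures = 0                         # lock expired without an admin reset: restart count
    failures += 1
    if failures >= MAX_FAILURES:
        return failures, now + LOCKOUT
    return failures, None
```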
Account creation requests must specify access either explicitly or via a role that has been mapped to the required access.
Access must be immediately revoked for terminated or transferred users or for any user whose access is no longer required. Ensure that access privileges are revoked as soon as possible.
User IDs shall be disabled after ninety (90) days of inactivity. These requirements may not apply to certain specialised accounts (e.g., admin, root, etc.).
Exceptions to this process will require a waiver to be raised by the requestor, reviewed by the TFG ISD and approved by the TFG's CIO.
Passwords set by System Administrators must be changed by the user immediately upon the user's next login. System Administrators must set initial passwords that are unique and compliant with the password rules.
//: <> (CYTHON START)
cythonize -3 -a -i ObjUser.py
Compiling /home/axion/projects/axion/factory.web/ObjUser.py because it changed.
[1/1] Cythonizing /home/axion/projects/axion/factory.web/ObjUser.py
Updated : 2025-10-02