Password Standards

Minimum requirements for passwords for university accounts.

Background

University accounts provide access to a wide range of institutional systems, data, and resources, making strong password practices essential to protecting the university environment. In response to evolving security risks and compliance requirements, ISS and Denver OIT established this standard in alignment with APS 6005, APS 5001 and CU Systemwide Baseline Security Standards. Passwords must be updated in accordance with this guidance and whenever compromise is suspected or confirmed.

Purpose

The purpose of these standards is to establish minimum password requirements that reduce the risk of unauthorized access to university systems and data. Strong password practices are a foundational component of the university’s overall security posture.

Scope

These standards apply to all accounts that access university systems, data and networks. This includes faculty, staff, students and systems or services that rely on authenticated access.

The Standards

Information Strategy and Services

CU Anschutz

Fitzsimons Building

13001 East 17th Place

Aurora, CO 80045


CMS Login