Glossary definition: ISO/IEC 27001 Password Policy

ISO/IEC 27001: Secure Password Policy for Your Business

An ISO/IEC 27001 password policy is the documented set of rules an organisation applies to the creation, use and management of passwords so that the confidentiality, integrity and availability of its information systems and data are protected. ISO/IEC 27001 does not itself dictate specific password parameters; it requires the organisation to define, document and enforce them as part of its information security management system (ISMS). The relevant Annex A controls are A.9.2.4, A.9.3.1 and A.9.4.3 in the 2013 edition and A.5.17 (Authentication information) in the 2022 edition, with implementation guidance in ISO/IEC 27002.

A typical policy covers minimum password length and composition rules (long passphrases are preferable to short strings with forced character classes, and newly chosen passwords should be screened against lists of known-compromised or easily guessed values); rules on reuse and on when a password must be changed (current guidance such as NIST SP 800-63B favours changing passwords on evidence of compromise rather than on a fixed schedule, because scheduled changes tend to produce predictable variations of the old password); and a reset process for forgotten passwords that verifies the user's identity before a new credential is issued.

The policy also sets requirements for how passwords are protected. They must never be stored in plain text or under reversible encryption, but as salted hashes produced by a purpose-built password-hashing function such as Argon2id, scrypt, bcrypt or PBKDF2, and they must be transmitted only over authenticated, encrypted channels such as TLS. Finally, the policy should require user education and awareness, logging and monitoring of authentication events (including failed attempts and account lockouts), and technical enforcement of the rules, since an auditor looks for evidence that the rules are applied, not merely that they are written down.