D2: The information stored on the device must be protected against access if the device is lost, stolen, or recycled/reissued to another user. All mobile devices (laptops, mobile phones, etc.) and workstations that may be used to store or access Harvard information, including accessing Harvard email, must be securely configured, including encryption of data stored on the device, where this feature is supported.
Note: Enforcement of configurations for personally-managed devices will be phased in, beginning with alerts of non-compliance and grace periods to resolve detected gaps. D1: All devices connecting to or installed on a non-guest Harvard network or authenticating to Harvard applications must be configured for secure operation, including non-default unique passwords/credentials that limit access to authorized individuals and services, proper registration of the device on the network, current and supported operating system (firmware and software), regular updates and...
If you believe your password has been compromised or otherwise improperly accessed, change your password. Depending on your department policy, you might have access to the departmental file share or Sharepoint. Contact your local IT support person or your manager to obtain instructions on the recommended local practice.
1. No common names or dictionary words. (A multi word phrase with no spaces is acceptable). 2. Include at least one character from at least 3 of the following: Include one uppercase letter Include one lowercase...
SA4: Communications between servers or applications must be protected, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).
SA3: Communications between servers or applications and client machines must be protected, whether these servers are managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).
SA2: Servers and applications that manage passwords must force the setting of a complex password. Further, they must enforce multi-factor authentication where technically possible. Complexity and reset frequency must meet the following requirements where technically feasible (consult the Security office if the following requirements are not technically feasible):... Read more about Complex passwords