The password controls in Data Manager and CCR need to be brought up to date with common password control policies. Features such as:
- User account lockout feature shall disable the user account after three (3) unsuccessful login attempts
- Lockout should be permanenet until the system adminsitrator reinstates the account
- Information systems shall routinely prompt users to change their passwords within 5-14 days before such passwords expire
-Users shall be prohibited from using their last six passwords.
- Provide an audit trail for logon and logoff attempts