Policy Templates

Password Policy Enforcer contains out-of-the-box policy templates based on the requirements of the most popular regulatory frameworks.

  • Center for Internet Security (CIS) Password Policy Guide – See the CIS Password Policy Guide article for additional information.

  • Center for Internet Security (CIS) Password Policy Guide MFA – See the CIS Password Policy Guide article for additional information.

  • Cybersecurity Information Sharing Act (CISA)

  • Criminal Justice Information Services (CJIS) Security Policy

  • Cybersecurity Maturity Model Certification (CMMC)

  • Defense Federal Acquisition Regulation Supplement (DFARS)

  • Gramm-Leach-Bliley Act (FedRAMP)

  • Federal Information Security Management Act (FISMA)

  • Health Insurance Portability and Accountability Act (HIPAA) – The HIPAA Security Rule requires organizations to implement procedures for creating, changing, and safeguarding passwords.

    • It also recommends training the workforce on ways to safeguard password information and establishing guidelines to create and change passwords in a periodic cycle.
    • HIPAA doesn’t offer any specific password complexity guidelines. To comply with HIPAA, organizations are better off following NIST password guidelines.
    • Most healthcare institutions use the NIST framework.
  • International Organization for Standardization (ISO/IEC) 27002 – See the NIST Special Publication 800-63B article for additional information.

  • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) – See the CIP-007-6 — Cyber Security – Systems Security Management article for additional information.

  • National Institute of Standards and Technology (NIST) Special Publication 800-171

  • National Institute of Standards and Technology (NIST) Special Publication 800-53

  • National Institute of Standards and Technology (NIST) Special Publication 800-63B – See the NIST Special Publication 800-63B article for additional information.

  • Payment Card Industry Data Security Standard (PCI DSS) – See the PCI Document Library web site for additional information.

  • Payment Card Industry Data Security Standard (PCI DSS) (version 4)