Enabling Compliance with Password Policies
Mandylion Research Labs

FACTA & Passwords
The Fair and Accurate Credit Transactions Act (FACTA) was enacted in 2003 to ensure that all citizens are treated fairly when they apply for a mortgage or other form of credit. With the unprecedented rise in credit-related crimes, however, the law quickly became a key measure for Federal Agencies to establish a wide array of regulations aimed at curbing the rise in identity theft crimes.

HIPAA & Passwords
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was passed by Congress to improve the efficiency and effectiveness of the health care system, and reduce the incidence of fraud, increasing the secure automation of patient records and electronic health care information transfers.

GLBA & Passwords
The Gramm-Leach-Bliley Act imposes privacy and security obligations on a broadly defined group of financial institutions, including those engaged in banking, lending, and insurance activities as well as loan brokering, credit reporting, and real estate settlement services. What has gained attention, however, is the Federal Trade Commission’s extension of this Act to include “unfair or deceptive acts or practices in or affecting commerce.” Prohibited practices include deceptive claims that companies make about privacy on websites, including claims about the security they provide for consumer information. The FTC has gotten aggressive in its enforcement.

Congress, Lingerie and Privacy
What does Victoria's Secret have to do with the Gramm-Leach-Bliley Act? Outside the Beltway, it is not well known that a Victoria's Secret catalog was one of the key reasons that Congress included privacy protections in the Gramm-Leach-Bliley Act (GLBA).

Strong Password Policy
The first security barrier to an organization’s IT infrastructure is its access control system. In fact, security is synonymous with access control. Any encounter with a modern information system begins with a screen prompt for user ID and password. Most organizations, however, do a better job at crafting their vacation and expense reimbursement policies than they do their password policies. An excellent example of a well-written password policy is available from the SANS Institute.

SANS Institute Model Password Policy

Sarbanes-Oxley & Passwords
When you think of Sarbanes-Oxley (SOX), what comes to mind? Executives being scrutinized for not paying attention to business practices? Cooking the books? Think again. Sarbanes-Oxley has implications for most business practices and processes of publicly traded companies. Management must opine on internal controls over systems that capture the true financial picture of the entity. In the name of those "internal controls," auditors and consultants are prodding companies to require that employees pick tougher passwords, and change them more frequently.

FISMA & Passwords
The Federal Information Security Management Act of 2002 mandated that all Federal Agencies implement appropriate security policies and supporting security architectures to ensure the confidentiality, integrity and availability of their data and transactions.

To ensure compliance with the Act, FISMA tied the IT capital budget of an Agency to these security initiatives. In short, no progress on a secure infrastructure, no funding of that infrastructure.
© 1999 - 2006, Mandylion Research Labs, LLC. All rights reserved.