Filter
Top Products
CHAPTER
5-1
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
5
Password Policy Configuration Scenario
Cisco Secure ACS, hereafter referred to as ACS, provides new password features to support corporate
requirements mandated by the Sarbanes-Oxley Act of 2002. Sarbanes-Oxley (SOX) requires stricter
enforcement of password restrictions.
ACS provides SOX support, which includes:
• Enforcement of password lifetime policy
• Enforcement of inactivity limits
• Improved password constraints
To enable password configuration that includes these new features, ACS provides a new password policy
page.
All administrator logins are subject to the policy that you configure for passwords and accounts, unless
you check the Account Never Expires check box. For example, ACS provides configurable limits on
password lifetime and activity, and incorrect password attempts. These options can force password
change and can result in automatic account lockout. Privileged administrators can also lock out an
account. In addition, you can monitor the last password change and last account activity for each
administrator.
Limitation on Ability of the Administrator to Change Passwords
If an administrator is not granted full administrative access, the only action the administrator can take is
to change his or her own password.