KABUL MUNICIPALITY
The Kabul Municipality's Password Policy is designed to protect the security of the network, data integrity, and computer systems by requiring strong passwords and establishing a minimum time between password changes.
4 pages

Abstract
The policy applies to all personnel with computer accounts, including employees, FMIS account holders, and email account users. To protect the security of the network, personnel are required to adhere to specific guidelines. These guidelines include never writing passwords down, never sending passwords through email, and never including passwords in non-encrypted stored documents. Additionally, personnel are not to reveal their passwords to anyone, either verbally or in writing, and should not use the "Remember Password" feature of application programs. Strong passwords are defined as those containing at least three of the five following character classes: lower case characters, upper case characters, numbers, punctuation, and special characters. Strong passwords must also contain at least eight alphanumeric characters. Weak passwords, on the other hand, are those that contain less than eight characters, are a word found in a dictionary, or are a common usage word such as names of family, pets, or friends. To create strong passwords that can be easily remembered, personnel are advised to create passwords based on well-known titles, affirmations, or other phrases. For example, a phrase such as "One Tree for Myself, One for My Country" could be used to create a password such as "13fm1fmc" or "otfmofmc." However, these examples are not to be used as actual passwords. Password security is critical to the security of the organization, and employees who do not adhere to this policy may be subject to disciplinary action according to the "Disciplinary Policy of Kabul Municipality." The policy is to be regularly evaluated to ensure it is enabling and effectively moving Kabul Municipality towards its sustainability goal. The contents of this policy are enforceable after His Excellency the Mayor's approval. The policy also emphasizes the importance of protecting administrator passwords and accounts, which should not be shared and should only be accessible to IT staff. Additionally, password-protected screen savers should be enabled and should protect the computer within 5 minutes of user inactivity. Users should be in the habit of not leaving their computers unlocked and should press the CTRL-ALT-DEL keys and select "Lock Computer" when leaving their workstation.
Classification