REG NASA-LLIS-0972-2001 Lessons Learned User IDs and Passwords.pdf

上传人:postpastor181 文档编号:1018617 上传时间:2019-03-21 格式:PDF 页数:3 大小:14.71KB
下载 相关 举报
REG NASA-LLIS-0972-2001 Lessons Learned User IDs and Passwords.pdf_第1页
第1页 / 共3页
REG NASA-LLIS-0972-2001 Lessons Learned User IDs and Passwords.pdf_第2页
第2页 / 共3页
REG NASA-LLIS-0972-2001 Lessons Learned User IDs and Passwords.pdf_第3页
第3页 / 共3页
亲,该文档总共3页,全部预览完了,如果喜欢就下载吧!
资源描述

1、Lessons Learned Entry: 0972Lesson Info:a71 Lesson Number: 0972a71 Lesson Date: 2001-07-26a71 Submitting Organization: HQa71 Submitted by: Wilson HarkinsSubject: User IDs and Passwords Description of Driving Event: In the 1995-1996 timeframe the Office of Safety and Mission Assurance (OSMA) began dev

2、elopment of a distance learning capability under the umbrella of the Professional Development Initiative (PDI). This distance learning capability eventually evolved from a Safety and Mission Assurance discipline system into the Site for Online Learning and Resources (SOLAR) (http:/solar.msfc.nasa.go

3、v), currently one of NASAs primary distance learning resources. The intent of the initial development effort was to design and implement a prototype system for the Safety and Mission Assurance discipline. Since the system was web-based part of the design considerations involved system security, spec

4、ifically the use of User IDs and Passwords. The system was going to maintain user sensitive course completion data (completion records and testing scores) so establishing a User ID and Password to generate and access that information became a requirement. In addition, some course materials were goin

5、g to contain licensed material and finally we wanted to limit access to the courses to the NASA community to ensure availability of courses to our users. To accomplish this the User ID and Password were also required to access course materials. SOLAR was configured to maintain its own User ID and Pa

6、ssword protocols and files. The decision to develop a unique User ID and Password system was based on two assumptions. The first assumption was that requiring users to remember another User ID and Password would not be a burden and second that development of a unique capability would be easier than

7、integrating the system into the various security systems resident at the NASA Centers.As use of the SOLAR system grew and some disciplines initiated mandatory training, by far the largest demand for user support involved re-establishing out-of-date or forgotten passwords. This represented a signific

8、ant expenditure of resources to maintain the user support primarily to reset passwords. An additional system capability was added to automate password revalidation, this capability did reduce the demand for manual update. This did not solve the frustrations of users who had to remember another User

9、ID/Password combination or were delayed even momentarily from taking training which they had allotted time to complete often with a looming deadline for Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-completion.Lesson(s) Learned: 1. Proliferation of

10、 User IDs and Passwords can frustrate system users, particularly if the User ID and Password combination is not used on a regular basis.2. For systems with infrequent access, a large amount of resources may be required to provide the capability to reset User IDs and Passwords.Recommendation(s): 1. C

11、onsider carefully the decision to adopt a unique User ID and Password authentication method. Consider instead using or piggybacking on another systems authentication system so that users have a single User ID and Password to access multiple capabilities.2. If a unique User ID and Password authentica

12、tion system is adopted, ensure that sufficient user support is provided to quickly respond to user requests for Password resets.Evidence of Recurrence Control Effectiveness: N/ADocuments Related to Lesson: N/AMission Directorate(s): N/AAdditional Key Phrase(s): a71 Information Technology/Systemsa71

13、Policy & Planninga71 Training EquipmentAdditional Info: Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Approval Info: a71 Approval Date: 2001-07-30a71 Approval Name: Eric Raynora71 Approval Organization: QSa71 Approval Phone Number: 202-358-4738Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-

展开阅读全文
相关资源
猜你喜欢
相关搜索

当前位置:首页 > 标准规范 > 国际标准 > 其他

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1