Compliance with the current National Institute of Standards and Technology (NIST)

Security Build Overview--September 17, 2010

The Security Build is an update to the system to comply with the current National Institute of Standards and Technology (NIST) security standards. The changes for the build will be available on October 11, 2010. These updates will not apply to System-to-System accounts. Applicants will experience a number of system changes that include updates to passwords and logins, including:

  • New password requirements - new rules when creating a new password:
    • Cannot be the same as the previous six (6) passwords.
    • Must contain at least eight (8) characters.
    • Must contain at least one (1) number.
    • Must contain at least one (1) uppercase letter.
    • Must contain one (1) lower case letter.
    • Must contain at least one (1) special character.
  • 60-day password expiration - all passwords will expire after 60 days, if they are not changed within that time period.
  • New change password option - applicants will have the ability to change their password at anytime.
  • Enhancements to "Forgot Password" - applicants can prompt the system to generate an email which includes a new password.
  • Account lockout for incorrect passwords - the user's account will lock for 15 minutes if the user provides the wrong password three (3) times within a five (5) minute period.
  • User role removal after one (1) year of inactivity - accounts that are inactive for one year will be deactivated additionally; AORs will lose their AOR role.
  • Updates to the user profile - select fields will be read only while other fields can be edited once a valid password is submitted.
For more details that explain the changes to the system and what to expect once the security build is in place, please visit: