Security Build Overview - Grantors

September 17, 2010

The Security Build is an update to the Grants.gov system to comply with the current National Institute of Standards and Technology (NIST) security standards. The changes for the build will be available on October 11, 2010. These updates will not apply to System-to-System accounts. Applicants will experience a number of system changes that include updates to passwords and logins, including:

  • New password requirements - new rules when creating a new password.
    • Cannot be the same as the previous six (6) passwords.
    • Must contain at least eight (8) characters.
    • Must contain at least one (1) number.
    • Must contain at least one (1) uppercase letter.
    • Must contain one (1) lower case letter.
    • Must contain one (1) special character.
  • 60-day password expiration - all passwords will expire after 60 days, if they are not changed within that time period.
  • Going forward all passwords will expire every 60 days. For example, if a password is changed today, it is considered as day one (1). This password will be valid for 60 calendar days and will not be valid on the 61st day onward.
  • New change password option - applicants will have the ability to change their password at anytime.
  • Enhancements to "Forgot Password" - applicants can prompt the system to generate an email which includes a new password.
  • Account lockout for incorrect passwords - the user's account will lock for 15 minutes if the user provides the wrong password three (3) times within a five (5) minute period.
  • User role removal after one (1) year of inactivity - accounts that are inactive for one year will be deactivated additionally; AORs will lose their AOR role.
  • Updates to the user profile - select fields will be read only while other fields can be edited once a valid password is submitted.