36 Miss. Code. R. 1-11.2

Current through December 10, 2024
Rule 36-1-11.2

Each agency must adopt the following guidelines for password administration:

A. Automated password input must not be allowed, except for simplified/single sign on systems that have been approved by ITS.
B. Passwords must not be stored in clear text on hard drives or any other electronic media. If stored on electronic media, passwords must be classified as sensitive. Refer to Chapter 9 of the ESP for details regarding data encryption.
C. Access to password-protected systems must be timed out after an inactivity period of thirty (30) minutes or less.
D. Passwords for administrative accounts and accounts with access to sensitive data must be treated with a higher level of security, including:
1. Requiring password changes every thirty (30) days
2. Consideration of two-factor authentication
E. Third-party support accounts must be disabled or deleted when not in use.
F. Immediately revoke access when an account owner leaves or is terminated.

Miss. Code Ann. § 25-53-1 to § 25-53-25.