DD ENV 12251:2001

1 Scope
2 Normative references
3 Definitions
   3.1 Access control
   3.2 Authentication information
   3.3 Authorised user
   3.4 Default password
   3.5 Identification
4 Requirements
   4.1 Unique identification and authentication
   4.2 Identification and authentication prior
        to all other interactions
   4.3 Associating unique identity with users
   4.4 Maintaining the identity with users
   4.5 Log-on message
   4.6 Number of log-on trials
   4.7 Incorrectly performed log-on procedure
   4.8 Display of log-on statistics
   4.9 Password sharing
   4.10 Password storage
   4.11 Logging of passwords
   4.12 Passwords display suppression
   4.13 User-changeability of passwords
   4.14 Default passwords
   4.15 Initialised passwords
   4.16 Temporary passwords
   4.17 Password expiration
   4.18 Password expiration notification
   4.19 Password reuse
   4.20 Password complexity
Annex A (informative) Potential password complexity requirements
Annex B (informative) User responsibilities
Annex C (informative) Password communication
Annex D (informative) Bibliography

Designed to improve the authentication of individual users of health care IT system, by strengthening the automatic software procedures associated with the management of user identifiers and passwords, without resorting to additional hardware facilities.