Nested Knowledge

Bringing Systematic Review to Life


This is an old revision of the document!


Password Policy

Purpose

The purpose of this policy is to ensure that only authorized users gain access to Nested Knowledge’s information systems.

Scope

This policy affects all employees of Nested Knowledge and its subsidiaries, and all contractors, consultants, temporary employees and business partners. Employees who deliberately violate this policy will be subject to disciplinary action up to and including termination.

Affected Systems

This policy applies to all computer and communication systems owned or operated by Nested Knowledge and its subsidiaries. Systems include company shared drives, purchased software, as well as access to the Nested Knowledge AutoLit review platform. Similarly, this policy applies to all platforms (operating systems) and all application systems. Reviews developed in the AutoLit software by parties external to Nested Knowledge are not covered in this policy.

Policy

Internal Passwords

Concerns rules and practices internally at NK

Application Passwords

All programs, including applications developed internally by Nested Knowledge, must be password protected.

Changing Passwords

All passwords must be promptly changed if they are suspected of being disclosed, or known to have been disclosed to unauthorized parties.

Sharing Passwords

Passwords must be kept confidential and may not be shared among users. Users are prohibited from recording passwords in an unencrypted medium, like a note-taking application, mobile phone, or piece of paper.

Password Storage

Passwords will not be stored in readable form without access control or in other locations where unauthorized persons might discover them. All such passwords are to be strictly controlled using either physical security or computer security controls.

External Passwords

Concerns rules and practices for users authenticating to NK software

Application Passwords

All programs, including third-party purchased software and applications developed internally by Nested Knowledge, must be password protected.

User Authentication

All systems will require a valid user ID and password. All unnecessary operating system or application user IDs not assigned to an individual user will be deleted or disabled. The use of a four-digit PIN or secret questions is not acceptable as an authentication method.

Choosing Passwords

All user-chosen passwords must contain at least one alphabetic character, one number, and one special character. Passwords must contain a minimum of 8 characters. All users must be automatically forced to change their passwords appropriate to the classification level of information. To obtain a new password, a user must present suitable identification. Password requirements are set by the respective systems (for instance, Google Accounts and Outh2) and are subject to change.

General

Applies to NK internal passwords and passwords for all NK users.

Password Expiration Time

The company does not currently have a Password Expiration Time policy; Google and Auth0 may require users to change their passwords at required intervals, but the company defers to these providers' policies with respect to password expiration.

The company will review the Password Expiration Time policy periodically to ensure that long-term exposures are minimized.

Password Constraints

The display and printing of passwords should be masked, suppressed, or otherwise obscured so that unauthorized parties will not be able to observe or subsequently recover them. After multiple unsuccessful attempts to enter a password, the involved user-ID must be either: (a) suspended until reset by a system administrator, (b) temporarily disabled for no less than three minutes, or (c) if dial-up or other external network connections are involved.

Changing Passwords

All passwords must be promptly changed if they are suspected of being disclosed, or known to have been disclosed to unauthorized parties.

Sharing Passwords

Passwords must be kept confidential and may not be shared among users. Users are prohibited from recording passwords in an unencrypted medium, like a note-taking application, mobile phone, or piece of paper.

Revision History

Author | Date of Revision/Review | Comments/Description
K. Cowie | 11/17/2021 | Initial draft done
K. Kallmes | 11/19/2021 | Draft approved


wiki/policies/password.1661996581.txt.gz · Last modified: 2022/09/01 01:43 by katcow