Having chewed through all 60+ pages, I can state pretty definitively that there is nothing in SOX specifically about passwords (and please someone correct me if I missed it). What I'd guess is happening is that as part of the procedures for complying with SOX - which in many cases translate to attestable, documented and auditable workflows - the IT department has reached the decision that improved passwords, 6 letter ones in this case, are a requirement. Here's the text of the act: http://news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf On Tue, 2004-12-14 at 07:21 -0500, Peter Kurilecz wrote: > The following was posted to the recmgmt-l-request address by mistake. > <snip> > I have just been informed by our IS dept that according to the SOX > act that all future passwords have to be of six character long with one > of the character being numeric. I just read in a post yesterday that the > SOX act isn't that specific concerning passwords. Could someone provide > me with the specific guidelines for this or an internet connection where > I can find out what is required concerning passwords. Any help that you > can provide will be appreciated. Thank you. > > Joseph Showl > Ph: 609-343-2755 > Fax: 609-641-1167 > Email: [log in to unmask] > <snip> > > > > -- > Peter A. Kurilecz CRM, CA > Richmond, Va > [log in to unmask] > > List archives at http://lists.ufl.edu/archives/recmgmt-l.html > Contact [log in to unmask] for assistance List archives at http://lists.ufl.edu/archives/recmgmt-l.html Contact [log in to unmask] for assistance