
Secure TPC-3: No Writing, Storing Clear Text Passcodes

Last Updated March 7, 2026

Why Secure Your Third-Party Passwords?

In today’s interconnected world, third-party relationships are commonplace. However, these collaborations bring potential cybersecurity risks. To mitigate this, Saudi Aramco has established the SACS-002 Third Party Cybersecurity Standard (TPC), including the crucial TPC-3 control.

Understanding TPC-3: No Clear Text Passwords

TPC-3 mandates that third parties must not:

  1. Write down passwords or authentication codes.
  2. Electronically store them in clear text.
  3. Disclose them without proper authorization.

Why Ban Clear Text Password Storage?

Storing passwords as plain text is like leaving your front door wide open—anyone can access them if they find the key (or, in this case, intercept the data). Here’s why it’s dangerous:

  • Eavesdropping: Hackers could capture passwords transmitted over networks.
  • Phishing & Social Engineering: Employees might fall for phishing attempts or social engineering tricks, revealing passwords unwittingly.

How to Comply with TPC-3

To comply with TPC-3, follow these best practices:

  1. Implement Strong Password Policies: Enforce minimum length (8 alphanumeric characters and special characters), password history (last 12 passwords), maximum age (90 days), account lockout threshold (10 invalid login attempts), and screen saver settings (automatically locked within 15 minutes of inactivity).
  2. Store Passwords Securely: Use secure methods like hashing or encryption to store passwords.
  3. Educate Employees: Train your staff on the risks of writing down, storing, or disclosing passwords in clear text.
  4. Have a Disclosure Policy: Clearly outline what happens if passwords are disclosed and provide steps for reporting such incidents.
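
The sketch below is an added example, not code from SACS-002 or from NHR Alemtithal. It shows how items 1 and 2 can be met together: passwords are stored only as salted scrypt hashes, and the 12-password history is enforced by re-hashing a candidate against each stored salt. The CredentialStore class, the scrypt cost settings, the complexity reading and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8        # from the policy list above
HISTORY_DEPTH = 12    # from the policy list above
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost settings, not from the page

def meets_policy(password):
    # One reading of "8 alphanumeric characters and special characters" (assumption).
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def hash_password(password, salt=None):
    # A fresh random salt per record makes equal passwords hash differently.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt, digest

def verify_password(password, record):
    salt, expected = record
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

class CredentialStore:
    """Hypothetical in-memory store: user -> [(salt, digest), ...], newest first."""

    def __init__(self, history_depth=HISTORY_DEPTH):
        self.history_depth = history_depth
        self.records = {}

    def set_password(self, user, password):
        if not meets_policy(password):
            raise ValueError("password does not meet the complexity policy")
        history = self.records.setdefault(user, [])
        # Reuse is detected by re-hashing with each old salt; no clear text is kept.
        if any(verify_password(password, rec) for rec in history):
            raise ValueError("password was used recently")
        history.insert(0, hash_password(password))
        del history[self.history_depth:]

    def check(self, user, password):
        history = self.records.get(user)
        return bool(history) and verify_password(password, history[0])
```

In a real deployment the records would live in a database column pair (salt, digest) rather than in memory; the point is that nothing written to disk can be read back as a password.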

Need Assistance with TPC-3 Compliance?

NHR Alemtithal is here to help! Our expert team can guide you through TPC-3 compliance, ensuring your third-party relationships are secure. Contact us today:

📞 +966 55 653 8840 ✉️ info@nhr.com.sa

Visit our service page to learn more about our services: Aramco CCC All-In-One Kit – SACS-002 Compliance Solution


Ali Aljubaily

Cybersecurity Consultant

I am Ali Yousef, a certified engineer from Microsoft, holding the Microsoft Certified System Associate certification as well as the CompTIA Network+ certification. I work as the Group IT Manager.
