Why Secure Your Third-Party Passwords?
In today’s interconnected world, third-party relationships are commonplace. However, these collaborations bring potential cybersecurity risks. To mitigate this, Saudi Aramco has established the SACS-002 Third Party Cybersecurity Standard (TPC), including the crucial TPC-3 control.
Understanding TPC-3: No Clear Text Passwords
TPC-3 mandates that third-parties must not:
- Write down passwords or authentication codes.
- Electronically store them in clear text.
- Disclose them without proper authorization.
Why Ban Clear Text Password Storage?
Storing passwords as plain text is like leaving your front door wide open—anyone can access them if they find the key (or, in this case, intercept the data). Here’s why it’s dangerous:
- Eavesdropping : Hackers could capture passwords transmitted over networks.
- Phishing & Social Engineering : Employees might fall for phishing attempts or social engineering tricks, revealing passwords unwittingly.
How to Comply with TPC-3
To comply with TPC-3, follow these best practices:
- Implement Strong Password Policies: Enforce minimum length (8 alphanumeric characters and special characters), password history (last 12 passwords), maximum age (90 days), account lockout threshold (10 invalid login attempts), and screen saver settings (automatically locked within 15 minutes of inactivity).
- Store Passwords Securely : Use secure methods like hashing or encryption to store passwords.
- Educate Employees : Train your staff on the risks of writing down, storing, or disclosing passwords in clear text.
- Have a Disclosure Policy: Clearly outline what happens if passwords are disclosed and provide steps for reporting such incidents.
Need Assistance with TPC-3 Compliance?
NHR Alemtithal is here to help! Our expert team can guide you through TPC-3 compliance, ensuring your third-party relationships are secure. Contact us today:
📞 +966 55 653 8840 ✉️ info@nhr.com.sa
Visit our service page to learn more about our services: https://www.nhr.com.sa/ccc-for-smb-service/
