Authentication Requirements

Introduction

This document establishes the minimum security requirements to configure how technologies authenticate.

This policy applies to company-provided systems.

Identities and credentials for authorized users, services, and hardware are managed by Facebook.

Users, services, and hardware are authenticated.

Display a system-use notification message with privacy and security notices consistent with applicable rules before granting access to the system.
Prevent access to the system by initiating a device lock after 30 minutes of inactivity.
Terminate a user session automatically after 24 hours of inactivity.
Authenticate all external access to the network using MFA.
The password must be at least 6 characters long.

Identity assertions are protected, conveyed, and verified.

Last updated 1 year ago