...
All users who have elevated access to a system or service will have a secondary account for used solely used for tasks that require greater administrative access. The account will be tied to an individual user and that user will be responsible for keeping the account secure. The password for this account must follow the Network Password Requirements and cannot be the same as your personal account.
...
(Should we put specific password completely requirements on these accounts?)
Vendor Account
Vendor A vendor accounts will be created and for vendors that we have a signed contract with. The account will follow the naming conventions convention as established in the Privileged Access Standard. the account and is limited to nonto non-privileged user activities such as using the VPN.
If the vendor will be doing work that requires privileged account access they will be required to use a vendor administrative account using the established Privileged Access Standard. The account may only be used for the purpose it was created for.
(Should we put specific password completely requirements on these accounts?)
...
(Should we put specific password completely requirements on these accounts?)
...
(Should we put specific password completely requirements on these accounts?)
...
(Should we put specific password completely requirements on these accounts?)
...