Access Control & Password Policy

  • Jungle Tech Corporation – Access Control & Password Policy

  • Version: 1.0 | Last Updated: March 13, 2026

  • 1. Purpose

  • This policy defines the standards for creating, protecting, and changing passwords and the rules for accessing Jungle Tech’s information systems.

  • 2. Identity and Access Management (IAM)

  • Individual Accountability: Every user must have a unique account. Sharing of account credentials (e.g., "admin@junglet.com") is strictly prohibited.

  • Role-Based Access Control (RBAC): Access is granted based on the user's role. A developer will have "Contributor" rights to a dev environment but "Reader" or no access to the production financial database.

  • Just-In-Time (JIT) Access: Where possible, privileged access to production environments should be granted only for a specific window of time to perform a specific task.

  • 3. Password Requirements (The "Golden Rules")

  • Jungle Tech follows a "Passphrase" approach. Passwords must meet the following minimum technical requirements:

  • Minimum Length: 14 characters.

  • Complexity: Must include a mix of uppercase letters, lowercase letters, numbers, and symbols.

  • Uniqueness: New passwords cannot be the same as the previous 10 passwords used.

  • Forbidden Content: Passwords must not contain the user’s name, username, or "JungleTech."

  • 4. Multi-Factor Authentication (MFA)

  • MFA is Mandatory: MFA must be enabled for all corporate accounts, including Email, Azure Portal, GitHub, and Slack.

  • Preferred Methods: Users must use an Authenticator App (e.g., Microsoft Authenticator) or hardware keys (e.g., YubiKey). SMS-based MFA is discouraged and should only be used as a last resort.

  • 5. Password Protection & Storage

  • Password Managers: All employees must use a company-approved password manager (e.g., Bitwarden or 1Password) to generate and store complex passwords.

  • No Plain Text: Passwords must never be written down, stored in Excel sheets, or sent via Slack/Email.

  • System Storage: Jungle Tech applications must never store passwords in plain text. All passwords must be "salted and hashed" using industry-standard algorithms (e.g., Argon2 or bcrypt).

  • 6. Account Lockout and Session Management

  • Lockout: Accounts will be temporarily locked after 5 failed login attempts within a 15-minute window.

  • Session Timeout: Administrative sessions (Azure Portal) will automatically time out after 60 minutes of inactivity.

  • Screen Lock: Employees must set their devices to automatically lock the screen after a maximum of 5 minutes of inactivity.
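An added example, not part of the original policy or any Jungle Tech system, showing one way to enforce the Lockout rule above as a sliding window over failed-login timestamps. The names `LockoutTracker` and `newly_locked` are hypothetical, the 30-minute lock duration is an assumption (the policy says only "temporarily"), and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                        # from the policy
WINDOW = timedelta(minutes=15)          # from the policy
LOCK_DURATION = timedelta(minutes=30)   # assumption: the policy says only "temporarily"

class LockoutTracker:
    def __init__(self):
        self._failures = defaultdict(deque)   # account -> recent failure timestamps
        self._locked_until = {}               # account -> time the lock expires

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is not None and now >= until:
            del self._locked_until[account]   # lock has expired
            return False
        return until is not None

    def record_failure(self, account, now):
        """Record a failed login; return True if this failure triggers a lock."""
        if self.is_locked(account, now):
            return False                      # already locked; do not extend the lock
        q = self._failures[account]
        q.append(now)
        while now - q[0] > WINDOW:            # drop failures that left the window
            q.popleft()
        if len(q) < MAX_FAILURES:
            return False
        self._locked_until[account] = now + LOCK_DURATION
        q.clear()
        return True

def newly_locked(events):
    """Replay (timestamp, account) failed-login events; list the locks triggered."""
    tracker = LockoutTracker()
    return [(acct, ts) for ts, acct in events if tracker.record_failure(acct, ts)]

# Constructed sample data: "alice" fails 5 times in 8 minutes, "bob" 5 times in 20.
T0 = datetime(2026, 3, 13, 9, 0)
SAMPLE = sorted(
    [(T0 + timedelta(minutes=2 * i), "alice") for i in range(5)]
    + [(T0 + timedelta(minutes=5 * i), "bob") for i in range(5)]
)

if __name__ == "__main__":
    for account, ts in newly_locked(SAMPLE):
        print(f"{ts:%H:%M} lock {account}")
```

Five failures spread over 20 minutes never put five timestamps inside one 15-minute window, so only the first constructed account is locked.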

  • 7. Termination of Access

  • Involuntary Termination: Access must be revoked immediately (within 1 hour) upon notice of termination.

  • Voluntary Termination: Access must be revoked by the end of the employee's final business day.
