No. MF-CGA/ITD-SPC/Password Policy/2012-13 lo S`?I
Government of India
Ministry of Finance, Department of Expenditure
Controller General of Accounts
Lok Nayak Bhawan, Khan Market,
New Delhi-1100511
Dated, 16t," April 2014
Subject:- Password policy of PAOs for COMPACT
In supersession of this office's earlier OM No. MF-
CGA/SYS/07/11/IT Audit/832-60 dated 3 rd August 2007, the following
Password policy is enunciated with immediate effect in order to ensure
more secure environment for COMPACT application sans data
1. The Password of the admin user should be changed and the same
should only be known to the PAO/Administrator.
2. The access to the user master form for creating/ modifying of a user
should be only with the PAO and its access should not be given to
any other user.
3. Whenever a new user is created in COMPACT the access to only
the forms, which are required as per the functional working of the
user, should be given to the user.
4. To ensure that only the user knows the password he should at the
time of first log into the system change the password given to him.
5. In case a user proceeds on leave the access to the forms of that
user during his leave period should be given to the user looking
after that work by modifying the users access right.
6. In case a user is transferred/ leaves the office, the users should not
be deleted, only the access rights of all the forms should be
withdrawn to make the user id dysfunctional.
7. It should be made a general practice that all the users change their
password every 15 days.
8. Every computer in the network should be installed with anti-virus
and anti-spy ware and the same should be regularly updated to
ensure that no spy ware gets installed thus compromising with the