CIPS Password Rules

Strong password rules protect Federal agency records from unauthorized access or modification. CIPS users are required to use the new rules when creating or changing passwords.

  1. Passwords must be exactly 8 characters long (formerly 7-8).
  2. Passwords cannot contain any portion of the user id.
  3. Passwords must contain one or more characters from each of the following three classes:
    • Letters (A-Z, a-z, or any combination)
    • Numbers (0-9)
    • Special characters <e>@ # $ </e>
  4. Passwords cannot contain repeating letters or numbers (aa, DD, 11, 22, etc.).
  5. Passwords must be changed at least every 90 days.
  6. Passwords cannot contain common words and abbreviations.
  7. A user's last three passwords and current password cannot be reused.