Farah K
27th July 2009, 11:53 AM
Is self-serve password reset for Windows considered for validation under CFR Part 11?
Would such a tool be considered an extension of Active Directory with functionality for users to reset NT Domain password similar to OS level password reset?
Has anyone installed such a tool - did you IQ/OQ the installation of the tool or just used your existing security policies/SOPs to show control?
Ajit Basrur
27th July 2009, 11:13 PM
Is self-serve password reset for Windows considered for validation under CFR Part 11?
Would such a tool be considered an extension of Active Directory with functionality for users to reset NT Domain password similar to OS level password reset?
Has anyone installed such a tool - did you IQ/OQ the installation of the tool or just used your existing security policies/SOPs to show control?
Welcome to the Cove, Farah :bigwave:
Does anyone have answer for Farah's question ?
BradM
27th July 2009, 11:34 PM
Hello, Farah!
I'm confused. However, if you read very many of my posts, you would see that is easy to do. :lmao: So a few questions:
What exactly are you wanting to validate?
Why are you wanting to validate?
What section of the CFR are you wishing to show validation compliance with?
Validation coupled with password reset is a new one to me.
If you're asking if a password reset functionality needs to be validated, I would say it depends on the system. If it is just to the organizational operating system, I would say no. However, password reset on an ER/ES system might be a little different, as the passwords represent electronic signatures.
