Chief Justice Directive 97-03
SUPREME COURT OF COLORADO
Office of the Chief Justice
CONCERNING COMPUTER SECURITY
COLORADO JUDICIAL BRANCH
The information management systems of the Judicial Branch contain vast amounts
of data that are vital to the business of the Branch. It is imperative that these data be
preserved and protected from any unlawful or inappropriate tampering. The issue of data
security must be a paramount concern for all Judicial Branch personnel. Accordingly, all
Branch personnel must adhere at all times to the following:
User IDs and Passwords
User IDs and passwords are a critical level of defense in protecting computers
from non-authorized access and use. All personnel must be diligent in protecting their
user IDs and passwords. Personnel must not let any other person use their assigned user
ID/password, nor shall they use another person’s user ID/password.
Each level of password protection reduces the chances that someone can gain
unauthorized access to the AS/400 network. Authorized users should have a different
password for each part of the system. For example, at a minimum, each user should have
one password for Windows, another for the AS/400, and another still for communications
In addition to the password standards that are enforced by the AS/400 system
itself, users must also adhere to the following practices:
Names of family members or other terms that could be “attributed” to a
user should not be used.
Passwords must not be posted on or near a terminal or PC.
User IDs and passwords must not be recorded in a record key or macro. It
is appropriate to record a sequence of keystrokes to get into an application; but the record
key sequence must begin only after a user has manually entered the user ID and password.
Use of Communications Software on PCs
Communications software which allows a user to communicate directly with a
personal computer from a remote site (e.g., PC Anywhere, Carbon Copy, etc.) should not
be used routinely. On those occasions when