The security of precisionFDA users’ personal information and data is of critical importance. To further strengthen the safeguards already in place, precisionFDA will be introducing several changes to achieve compliance with both the Federal Risk and Authorization Management Program (FedRAMP) MODERATE and Federal Information Security Modernization Act (FISMA) MODERATE security standards. While many of these changes will be transparent to users, a few will affect how users interact with precisionFDA:
- Secure Sockets Layer (SSL) connections are required, and traffic from users’ web browsers to the precisionFDA website is encrypted with FIPS 140-2 and TLS 1.2. You may need to update and/or configure your web browser to successfully connect to precisionFDA.
- The minimum password complexity is increased; at a user’s next password reset, he/she will need to select a new password with a minimum of twelve characters, and at least one each of upper-case letters, lower-case letters, numbers, and special characters. A new password cannot be the same as any of the previous 24 passwords used.
- Passwords cannot be reset more than once per 24 hours, and passwords expire and need to be changed after 60 days.
- Users are temporarily locked out of their accounts for 30 minutes following more than 3 invalid login attempts within a 15-minute period.
- Users are logged out automatically after 30 minutes of inactivity. An account that is inactive for 90 days is locked and requires emailing precisionFDA support to be unlocked.
- There can be at most two concurrent logins with the same credentials.
Thank you for participating in these efforts to ensure the security of precisionFDA users’ data.