■Network Security
For some tools that require special security measures, we implement closed networks using VPN and restrict source IP addresses.
■Account Security
User IDs are issued on a one-per-person basis in principle, and we do not share user IDs.
The issuance of production management accounts and granting of permissions are all executed with the approval of the Information Security Officer, and we conduct regular inventory checks of accounts and permissions.
Two-factor authentication is mandatory when accessing the production infrastructure environment, and all operation commands on the production infrastructure are recorded and monitored.
When issuing various management accounts, we require and operate password policies that comply with NIST SP 800-63B in our Information Security Handbook.
Note that since the Ministry of Internal Affairs and Communications has issued information stating that regular password changes are unnecessary, we do not implement regular password changes.
http://www.soumu.go.jp/main_sosiki/joho_tsusin/security/business/staff/01.html