TSB Security Subcommittee materials describe SEC-06-01-S replacing 141.10 authentication requirements and setting January 1, 2026 password policy change

Technology Services Board (TSB) Security Subcommittee agenda materials (Aug. 8, 2024) describe SEC-06-01-S Identification and Authentication Security Standard as expanding on and replacing 141.10 sections 6.2 and 6.3, and include an explicit future-dated change: beginning Jan. 1, 2026, password length and expiration requirements increase (minimum 15 characters; maximum 365-day expiration). This is a concrete implementation milestone for agencies’ authentication/password policies derived from the 141.10 successor standards. Because the agenda book is meeting material (not the final adopted standard text), treat the regulatory status as proposed unless separately confirmed as adopted in an official issued standard document.