scope:

The intended audience for this document is those responsible for information security within TfL (including but not limited to T&D, Information Owners and security practitioners); rather than the end users of TfL information systems.

This guidance applies across TfL. The requirement to apply this guidance in a given situation is indicated in the other TfL cyber security documentation from which this document is referenced.

Purpose

This guidance document describes the strength of Authentication Secrets (such as passwords, passphrases and PINs) to be used for various purposes within TfL and supplements other TfL cyber security documentation. It details how Authentication Secrets can be used to secure information of different sensitivities in different scenarios.