The purpose of this policy is to protect a C&C workstation against unauthorized access and denial of service.
Passwords should be changed every XX days.
Accounts on user workstations may not be given out to persons not affiliated with C&C.
Security alerts should be heeded and security patches applied promptly. (need to elaborate)