Municipality of Macerata

Password Collaboration Meets Compliance

About the Organization

The Municipality of Macerata, situated in Italy on the hills between the Apennines and the Adriatic Sea, is a public institution with 250 employees serving the city of Macerata. Macerata has a population of over 40,000 inhabitants. The municipality's IT department adopted Passbolt and plays a crucial role in maintaining the digital infrastructure and ensuring compliance with national and European ICT security regulations.

Image: Panorama Centro Macerata. This file is licensed under the Creative Commons Attribution-Share Alike 4.0 International license. Author: MCDMEDP

The Challenge

Prior to adopting Passbolt, the Municipality of Macerata's IT department, comprising a team of five, did not use any organizational password management tools. The need for compliance with GDPR and security regulations, for a cloud-based SaaS solution to simplify management, and for enhanced security levels became evident, especially following a cyberattack a year ago. The ability to share passwords was crucial for effective team collaboration. Previously, they used an on-premises database file locked within a secured folder, which was insufficient for their evolving requirements.

The Solution

Passbolt was chosen for its multi-platform support, compatibility with major browsers, open-source nature, and strong GDPR compliance – vital for a public organization like Macerata. Other solutions like Bitwarden, LastPass, and KeePass were considered but didn’t meet their specific needs. The implementation of Passbolt marked a significant improvement in their password management practices, offering enhanced security and collaboration features for the IT team.

Passbolt aids the Municipality of Macerata in adhering to "Misure minime di sicurezza ICT per le pubbliche amministrazioni," a set of ICT security regulations established by the Italian agency AgID (Agenzia per l'Italia Digitale). This framework, aligning with the SANS 20 "CIS Critical Security Controls for Effective Cyber Defense," outlines various mandatory requirements. Specifically, Passbolt assists in fulfilling key aspects of these regulations, notably ABSC_ID (AgID Basic Security Control) 5.2.1, 5.2.2, 5.7.2, and 5.11.1. These pertain to maintaining and updating an administrative credentials database with proper security measures and facilitating the creation of strong, reliable passwords.

The Results

Since implementing Passbolt, the IT team has experienced a dramatic improvement in password management effectiveness and in compliance with Italian and European legal requirements. They can now generate and manage high-quality, strong passwords and maintain an up-to-date list of administrative privileges. The sharing feature, particularly with the browser extension, has sped up password management processes and made them more convenient. Every euro spent on Passbolt has been considered very well spent, reflecting its high ROI.