Rank: Member
Joined: 1/23/2013(UTC)
Posts: 267
Location: Joliet, IL
Thanks: 64 times
|
So I can't set the password expiration to anything more than 90 days. Is that really a PCI requirement - I find it hard to believe? I don't have to change my bank username...ever. Amazon.com doesn't make me change my password. So I set it to 1,000 days - we'll see what happens. Edited by user Tuesday, July 23, 2013 4:46:32 PM(UTC)
| Reason: Not specified
|
|
|
|
|
|
Rank: Administration
Joined: 4/2/2004(UTC) Posts: 2,396 ![United States]( "United States") Location: Hummelstown, PA Thanks: 6 times
Was thanked: 164 time(s) in 159 post(s)
|
Originally Posted by: TKatch  So I can't set the password expiration to anything more than 90 days. Is that really a PCI requirement - I find it hard to believe? If you're interested take a look at the PCI-DSS compliance document page 49: Quote:8.5.9 Change user passwords at least every 90 days.
8.5.9.a For a sample of system components, obtain and inspect system configuration settings to verify that user password parameters are set to require users to change passwords at least every 90 days. |
Aaron Sherrick
BV Commerce
Toll-free 888-665-8637 - Int'l +1 717-220-0012 |
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.