Simple password rules for PCI DSS Compliance

- User-level passwords must be changed at least every 60 to 90 days.
- Accounts that have system-level privileges must have a password that is different from those of all other accounts held by that user.
- Passwords must not be transmitted over the Internet by e-mail or any other form of communication without being encrypted.
- Passwords should be a minimum of 6 to 8 characters in length, with a combination of upper- and lower-case alphabetic characters, numeric characters, and special characters (e.g., !%@$).
- Passwords should never be written down or shared with anyone.
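
The rules above that can be checked mechanically (length and composition, rotation age, and a system-level password that differs from the holder's other accounts) are sketched below as an added example; it is not part of the original page. The function names, the account record layout, the sample data, the PBKDF2 work factor and the choice of the stricter end of each range are assumptions.

```python
import hashlib
import hmac
import string
from datetime import date

MIN_LENGTH = 8        # assumption: enforce the upper end of the 6-to-8 range
MAX_AGE_DAYS = 90     # assumption: enforce the upper end of the 60-to-90 day range
KDF_ROUNDS = 100_000  # assumption: illustrative PBKDF2 work factor

def hash_password(password, salt):
    """Derive the stored verifier for a password under a per-account salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ROUNDS)

def complexity_failures(password):
    """Return the composition rules the candidate fails, in a fixed order."""
    checks = {
        "length": len(password) >= MIN_LENGTH,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]

def reused_on(candidate, other_accounts):
    """Names of the holder's other accounts that already use the candidate."""
    # Salted hashes cannot be compared with each other, so re-derive the
    # candidate under each account's salt and compare in constant time.
    return [a["name"] for a in other_accounts
            if hmac.compare_digest(hash_password(candidate, a["salt"]), a["hash"])]

def check_new_password(candidate, system_level, other_accounts):
    """Run at password-change time; an empty list means the change is accepted."""
    failures = complexity_failures(candidate)
    if system_level:
        failures += ["reused:" + n for n in reused_on(candidate, other_accounts)]
    return failures

def rotation_overdue(last_changed, today):
    """True when the password is older than the rotation limit."""
    return (today - last_changed).days > MAX_AGE_DAYS

# Constructed sample: one user-level account held by the same person.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ALICE_USER = {"name": "alice", "salt": _SALT,
              "hash": hash_password("Summer#2024x", _SALT)}

if __name__ == "__main__":
    print(check_new_password("Summer#2024x", True, [ALICE_USER]))
    print(check_new_password("Diff3rent!One", True, [ALICE_USER]))
    print(rotation_overdue(date(2024, 1, 1), date(2024, 4, 1)))
```

The uniqueness check has to run when the password is set, because only then is the plaintext candidate available to test against each account's salt.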
