PCI Requirement 8.2.4 expects your organization to change user passwords/passphrases at least once every 90 days. The PCI DSS explains, “Passwords/passphrases that are valid for a long time without a change provide malicious individuals with more time to work on breaking the password/phrase.” You may think that a shorter password/passphrase expiration date would be more secure, but best practice states that 90 days is an appropriate period of time. A smaller window, like 30 days, can reduce usability and cause users to choose weak passwords.
To verify compliance with PCI Requirement 8.2.4, assessors will examine a sample of system configuration settings to see that you change user passwords/passphrases at least once every 90 days. Service providers must undergo additional testing of their internal processes to see that non-consumer customer user passwords/passphrases are required to change periodically and these users are given guidance on when, and under what circumstances, passwords/passphrases must change.
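The kind of configuration check described above can be scripted. The following is an added example, not code from KirkpatrickPrice or the PCI DSS; it assumes Linux hosts that use `/etc/login.defs` and `/etc/shadow` for password aging, and the sample data and function names are constructed for illustration.

```python
MAX_AGE_DAYS = 90  # limit stated by PCI Requirement 8.2.4

# Constructed sample data in /etc/login.defs and /etc/shadow format (not real accounts).
SAMPLE_LOGIN_DEFS = """\
# Password aging controls
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
"""
SAMPLE_SHADOW = """\
alice:$6$constructed$hash:19700:0:90:7:::
bob:$6$constructed$hash:19700:0:99999:7:::
carol:$6$constructed$hash:19500:0::7:::
dave:$6$constructed$hash:19700:0:30:7:::
svc_backup:!:19000:0:99999:7:::
"""


def login_defs_max_days(text):
    """Return PASS_MAX_DAYS (the default applied to newly created accounts), or None."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(parts) == 2 and parts[0] == "PASS_MAX_DAYS" and parts[1].isdigit():
            return int(parts[1])
    return None


def audit_shadow(text):
    """Return {user: finding} for accounts whose password may live longer than 90 days."""
    findings = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue  # not a well-formed shadow entry
        user, pw_hash, max_days = fields[0], fields[1], fields[4]
        if pw_hash.startswith(("!", "*")):
            continue  # locked account: no password login to expire
        # Field 5 is the maximum password age; empty means the password never expires.
        if not max_days.isdigit() or int(max_days) > MAX_AGE_DAYS:
            findings[user] = f"max age {max_days or 'unset'} exceeds {MAX_AGE_DAYS} days"
    return findings


if __name__ == "__main__":
    default = login_defs_max_days(SAMPLE_LOGIN_DEFS)
    if default is None or default > MAX_AGE_DAYS:
        print(f"login.defs: PASS_MAX_DAYS is {default}, new accounts exceed the limit")
    for user, finding in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user}: {finding}")
```

Per-account values in the shadow file override the `login.defs` default, so both need to be checked on each sampled system.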
About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, ISO 27001, FISMA, and CFPB frameworks.
Contact us today: 800-770-2701