PCI compliance



  • Anyone here deal with PCI Compliance?

    Section 8: Are policies and procedures for user identification management controls defined and in place for non-consumer users and administrators on all system components, as follows:

    Does this mean any and all systems that are involved when taking a CC payment? i.e. you use a web browser to enter CC number into our processor's website, we maintain no record of the card number, but these restrictions apply to anything on the PC and anything it touches?

    8.2.4 Are user passwords/passphrases changed at least once every 90 days?

    Assuming all components as described above, PCI requires that users change their Windows passwords every 90 days?



  • @Dashrender Yep. Just one reason why PCI isn't about security, it's about passing the blame.



  • @travisdh1 said in PCI compliance:

    @Dashrender Yep. Just one reason why PCI isn't about security, it's about passing the blame.

    Can also replace PCI with HIPAA here and it stays true.

