PCI Password Policy Compliance

A quick overview of the password policy regulations enforced by Payment Card Industry (PCI) compliance, and of how nFront Security offers a quick solution for companies struggling to fill out SAQs. View more information about nFront Password Filter.

Published in: Economy & Finance

  1. PCI Password Compliance
  2. PCI Password Compliance
     • What is PCI Compliance
     • PCI Password Regulations
     • nFront Password Filter Benefits
  3. What is PCI Compliance
     Payment Card Industry (PCI) Compliance is a set of security standards that were created by the major credit card companies to protect their customers from increasing identity theft and security breaches.
  4. PCI Password Requirements
     • 8.5.3 Set first-time passwords to a unique value for each user and change immediately after the first use.
     • 8.5.8 Do not use group, shared, or generic accounts and passwords.
     • 8.5.9 Change user passwords at least every 90 days.
     • 8.5.10 Require a minimum password length of at least seven characters.
     • 8.5.11 Use passwords containing both numeric and alphabetic characters.
     • 8.5.12 Do not allow an individual to submit a new password that is the same as any of the previous four passwords.
  5. First Time Passwords
     8.5.3 Set first-time passwords to a unique value for each user and change immediately after the first use.
     • Do not set first-time passwords to something simple like the user’s last name
     • Follow up to make sure the user actually logs on and changes their password
     • If the person never logs on, the account could sit on the network awaiting an easy hacking attempt
     • Consider our nFront Account Disabler product to disable dormant or unused accounts
  6. No shared accounts
     8.5.8 Do not use group, shared, or generic accounts and passwords.
     • Every administrator and person should have separate user accounts
     • Ideally, administrators should have 2 accounts: one regular user account and one with administrative privileges
     • Shared accounts provide no unique audit trail. Malware or viruses can destroy or compromise any data accessible by the shared account
     • The built-in administrator account should be used for emergencies only
  7. Change Passwords Often
     8.5.9 Change user passwords at least every 90 days.
  8. Minimum Password Length
     8.5.10 Require a minimum password length of at least seven characters.
  9. Include Numbers in Passwords
     8.5.11 Use passwords containing both numeric and alphabetic characters.
  10. Password Repetition
     8.5.12 Do not allow an individual to submit a new password that is the same as any of the previous four passwords.
     • Windows - Good
     • nFront - Even Better
  11. What is nFront Password Filter
     • nFront Password Filter is a password policy enforcement solution that provides multiple, granular password policies for Windows domains.
     • The standard Windows password policy cannot meet most industry compliance requirements. Without nFront Password Filter your network can allow weak passwords that are an easy target for hackers and malware.
  12. nFront Password Filter Benefits
     nFront Password Filter options exceed PCI Requirements
     • One checkbox to meet minimum PCI password requirements
     • Up to 6 different granular password policies in one Windows Domain
     • A dictionary option to prevent millions of common passwords in less than one second
     • An optional client to clearly show the password rules and an improved failure message
  13. One Step Compliance
     nFront Password Filter provides features that Windows cannot - such as one step PCI Compliance.
  14. Multiple Policies
     Create up to 6 different password policies with each policy targeting one or more security groups or OUs.
  15. Prevent Common Passwords
     Optional nFront features not possible with standard Windows policies:
     • Customizable dictionary check
     • Client with strength meter
     • Better failure message
  16. nFront Password Filter Benefits
     Fill out SAQs faster with the assurance that you are PCI DSS compliant with a password filter on your network. Better security against password hacking/cracking.
  17. From the nFront Team, Thank You
     For questions regarding nFront Security products or compliance, please visit nFrontSecurity.com
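
Requirements 8.5.9 through 8.5.12 from slide 4, written out as a password-change check. This is an added Python example, not part of the slides and not nFront's or Windows' code; the function names, the salted PBKDF2 storage of the password history and its iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 7                 # 8.5.10: at least seven characters
HISTORY_DEPTH = 4              # 8.5.12: previous four passwords
MAX_AGE = timedelta(days=90)   # 8.5.9: change at least every 90 days
PBKDF2_ROUNDS = 100_000        # assumption: storage detail, not from the slides

def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds clear-text passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest

def matches(password, entry):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, digest = entry
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def check_new_password(candidate, history):
    """history: list of (salt, digest), oldest first. Returns violated requirement IDs."""
    violations = []
    if len(candidate) < MIN_LENGTH:
        violations.append("8.5.10")
    has_digit = any(c.isdigit() for c in candidate)
    has_alpha = any(c.isalpha() for c in candidate)
    if not (has_digit and has_alpha):
        violations.append("8.5.11")
    # Only the last four entries count; an older password may be reused.
    if any(matches(candidate, entry) for entry in history[-HISTORY_DEPTH:]):
        violations.append("8.5.12")
    return violations

def is_expired(last_changed, now):
    """True once more than 90 days have passed since the last change."""
    return now - last_changed > MAX_AGE

if __name__ == "__main__":
    # Constructed sample data, oldest password first.
    old = ["Alpha001", "Bravo002", "Charlie03", "Delta0004", "Echo00005"]
    history = [hash_password(p) for p in old]
    for pw in ["abc", "abcdefg", "Echo00005", "Alpha001", "Foxtrot6"]:
        print(pw, check_new_password(pw, history) or "accepted")
    print(is_expired(datetime(2024, 1, 1), datetime(2024, 4, 1)))
```

The history check compares against stored hashes only, so the rule in 8.5.12 can be enforced without keeping old passwords in recoverable form.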
