Educause Security Discussion mailing list archives
PCI SAQ D, version 2.0. requirement 8.5 - two questions.
From: Nick Recchia <nprecchia () USFCA EDU>
Date: Tue, 13 Nov 2012 10:53:22 -0800
We have a couple question regarding PCI SAQ D version 2.0. requirement 8.5. Requirement 8.5: "Are proper user identification and authentication management controls in place for non-consumer users and administrators on all system components, as follows...." [1] 1) We had proposed to use Active Directory (AD) to manage requirement 8.5. Does anyone have experience to indicate that AD will *not* work for this implementation? 2) Is anyone managing local user accounts, instead of AD user accounts, within their PCI implementation? Thanks for your input. Sincerely, -Nick [1] there are 16 sub-requirements (8.5.1 - 8.5.16) that I did not paste into this e-mail, but maybe found on https://www.pcisecuritystandards.org/security_standards/documents.php -- Nicholas Recchia, Ed.D. Security Administrator ITS - Security Services infosec.usfca.edu University of San Francisco Lone Mountain North - 236a 2130 Fulton Street San Francisco, CA 94117 ITS Help Desk, Phone: 415-422-6668, E-mail: itshelp () usfca edu Fax: 415-422-6719
Current thread:
- PCI SAQ D, version 2.0. requirement 8.5 - two questions. Nick Recchia (Nov 13)