PCI SAQ D, version 2.0. requirement 8.5 - two questions.

[Nick Recchia <nprecchia () USFCA EDU>]

We have a couple question regarding PCI SAQ D version 2.0. requirement 8.5.

Requirement 8.5:
"Are proper user identification and authentication management controls in
place for non-consumer users and administrators on all system components,
as follows...." [1]

1) We had proposed to use Active Directory (AD) to manage requirement 8.5.
Does anyone have experience to indicate that AD will *not* work for this
implementation?

2) Is anyone managing local user accounts, instead of AD user accounts,
within their PCI implementation?

Thanks for your input.

Sincerely,
-Nick

[1] there are 16 sub-requirements (8.5.1 - 8.5.16) that I did not paste
into this e-mail, but maybe found on
https://www.pcisecuritystandards.org/security_standards/documents.php

--
Nicholas Recchia, Ed.D.
Security Administrator
ITS - Security Services
infosec.usfca.edu

University of San Francisco
Lone Mountain North - 236a
2130 Fulton Street
San Francisco, CA 94117
ITS Help Desk, Phone: 415-422-6668, E-mail: itshelp () usfca edu
Fax: 415-422-6719