Home

April 20, 2024

Information Security Leader, Author, Instructor and Speaker

Home » Articles » Exploring PCI DSS Requirement 2 Compliance Issues

Exploring PCI DSS Requirement 2 Compliance Issues

Posted on April 2, 2015 in Articles | by

Readers of the 2014 Verizon PCI DSS compliance report may be surprised to learn that 48.9% of companies failed to fully meet the demands of PCI DSS Requirement 2. On its face the requirement, summarized as “Do not use vendor-supplied defaults for system passwords and other security parameters,” seems very straightforward. Who doesn’t change default passwords these days?

The reality is that the requirement is much more complex than simply changing default passwords. PCI includes quite a few requirements under this same banner, including developing system configuration standards, implementing separate servers for each primary function, removing unnecessary functionality, and encrypting non-console administrative access. The full text for Requirement 2 fills six pages of text and provides great detail on merchant expectations.

Read More: “Exploring PCI DSS Requirement 2 Compliance Issues”

Published April 2, 2015 on SearchSecurity.com

TAGS: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Tag Cloud

antivirus  application security  CISSP  cloud computing  cloud security  compliance  content filtering  cybersecurity  cybersecurity skills  database security  data breach  data loss prevention  DDoS  DLP  encryption  endpoint security  firewall  firewalls  HIPAA  IDS  incident handling  incident response  IPS  malware  mobile devices  mobile security  multifactor authentication  NAC  Networking  network security  PCI DSS  penetration testing  privacy  product review  risk assessment  security certification  security certifications  security management  security policy  SSL  VPN  vulnerability management  vulnerability scanning  web security  wireless security
Copyright 2002-2012, Michael J. Chapple