Information Security Leader, Author, Instructor and Speaker

Exploring PCI DSS Requirement 2 Compliance Issues

Posted on April 2, 2015 in Articles

Readers of the 2014 Verizon PCI DSS compliance report may be surprised to learn that 48.9% of companies failed to fully meet the demands of PCI DSS Requirement 2. On its face, the requirement, summarized as “Do not use vendor-supplied defaults for system passwords and other security parameters,” seems very straightforward. Who doesn’t change default passwords these days?

The reality is that the requirement is much more complex than simply changing default passwords. PCI includes quite a few requirements under this same banner, including developing system configuration standards, implementing separate servers for each primary function, removing unnecessary functionality, and encrypting non-console administrative access. The full text of Requirement 2 fills six pages and provides great detail on merchant expectations.

Read More: “Exploring PCI DSS Requirement 2 Compliance Issues”

Published April 2, 2015 on


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.
