Questions and Answers
What is the minimum required length for passwords according to the policy?
How many password history records are maintained according to the policy?
What is the duration of password lockout after 6 failed attempts?
Who should approve deviation from the policy?
Which standard does the document reference?
What type of authentication should be utilized for remote access to the cardholder network?
What principle is user authentication based on?
How often should vendors' remote access accounts be changed?
Who is responsible for approving deviation from the policy?
Study Notes
Password and Access Control Policy Document
- The document is a draft version 0.1 of the Password and Access Control Policy.
- It outlines roles and responsibilities for HR, Information Security Manager, and Systems Administrators.
- The policy applies to all systems and assets owned, managed, or operated by the company.
- User authentication is based on business needs and the principle of least privilege.
- Different authentication mechanisms are specified for various access points like operating systems, web applications, email, and voice.
- Passwords must be at least 8 characters long and include upper and lower case letters, numbers, and special characters.
- Password history is maintained for at least 4 previous passwords, and account lockout is triggered after 6 failed login attempts and lasts 30 minutes.
- Remote access to the cardholder network should utilize two-factor authentication.
- Vendors' remote access accounts should be monitored and changed regularly.
- Violations of the policy may result in disciplinary action, including termination of employment.
- Deviation from the policy is allowed only with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
- The document references the Payment Card Industry Data Security Standard (PCI DSS).
Description
This quiz covers the content of a draft version 0.1 of a Password and Access Control Policy, detailing roles, responsibilities, and requirements for user authentication, password management, and remote access security measures. The policy applies to all systems and assets owned, managed, or operated by the company.