Password and Access Control Policy Document Quiz

Password and Access Control Policy Document

• The document is a draft version of the Password and Access Control Policy.
• The policy is designed to address critical access needs and protect physical assets and sensitive information.
• The policy is created to satisfy specific requirements of the Payment Card Industry Data Security Standard (PCI DSS).
• The policy applies to all systems and assets owned, managed, or operated by the organization.
• The roles and responsibilities include HR Role/Line Manager, Information Security Manager, and Systems Administrators.
• User authentication is required for access to information systems and networks.
• Access control systems must have a default "deny-all" setting.
• Non-authenticated or shared/group user IDs are prohibited.
• Different authentication mechanisms are required for different access channels.
• Secure mechanisms for authentication are required for operating system access, web applications, voice inquiries, email, fax, and white mail.
• Two-factor authentication is required for remote access to the Cardholder Data Environment for PCI DSS compliance.
• Passwords must meet specific requirements, including length, character types, and history.