Questions and Answers
Is the document a draft of a Password and Access Control Policy for a company?
True
Does the policy apply to all systems and assets owned, managed, or operated by the company?
True
Are passwords required to be at least 6 characters long?
False
Is two-factor authentication required for remote access to the cardholder network?
True
Should passwords include a combination of upper case letters, lower case letters, numbers, and special characters?
True
Is password lockout set to 6 attempts, with a lockout duration of 30 minutes?
True
Is deviation from the policy permitted without a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel?
False
Should vendor remote access accounts be monitored and changed regularly?
True
Is the document referencing the Payment Card Industry Data Security Standard?
True
Study Notes
Password and Access Control Policy Document Summary
- The document is a draft of a Password and Access Control Policy for a company, with version 0.1 and the date of issuance not specified.
- The policy applies to all systems and assets owned, managed, or operated by the company.
- The roles and responsibilities outlined include those of HR Role/Line Manager, Information Security Manager, and Systems Administrators.
- The policy sets authentication requirements for users, operating system access, web applications, voice, email, fax, white mail (postal correspondence), remote access, and network devices.
- Passwords must not be shared, and all users should have unique IDs before gaining access to systems.
- Passwords must be at least 8 characters long and include upper case letters, lower case letters, numbers, and special characters. A history of at least the 4 previous passwords is kept so they cannot be reused.
- Accounts are locked out after 6 failed login attempts; the lockout lasts 30 minutes.
- Two-factor authentication is required for remote access to the cardholder network.
- Vendor remote access accounts should be monitored and changed regularly.
- Access to databases containing cardholder data should have a separate authentication layer, and queries must be restricted to database administrators.
- Deviation from the policy is only permitted with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
- The document references the Payment Card Industry Data Security Standard.
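The three password controls in the notes above (complexity, history, lockout) translate directly into enforcement logic. The following is an added example written for this page, not text or code from the policy document it summarizes; it applies the stated parameters (8 characters, four character classes, a 4-password history, 6 failed attempts followed by a 30-minute lockout). The storage hash (PBKDF2-HMAC-SHA256 with a per-password salt), the in-memory account store, and the injectable clock are assumptions of the example, not requirements of the policy.

```python
"""Added example (not from the policy document): enforcing the password
controls the summary states, using the policy's own parameters.

Assumptions not in the source: PBKDF2-HMAC-SHA256 as the storage hash, an
in-memory account store, and an injectable clock so the 30-minute lockout
can be exercised without waiting for it.
"""
import hashlib
import hmac
import os
import string
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

MIN_LENGTH = 8                # policy: at least 8 characters
HISTORY_DEPTH = 4             # policy: remember at least the last 4 passwords
MAX_ATTEMPTS = 6              # policy: lock after 6 failed attempts
LOCKOUT_SECONDS = 30 * 60     # policy: 30-minute lockout
PBKDF2_ITERATIONS = 100_000   # assumption; tune to the deployment's hardware


def complexity_errors(password: str) -> List[str]:
    """Return every policy rule the candidate violates; an empty list means compliant."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        errors.append("no upper case letter")
    if not any(c.islower() for c in password):
        errors.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        errors.append("no digit")
    if not any(c in string.punctuation for c in password):
        errors.append("no special character")
    return errors


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2 hash. A fresh salt per password means history entries
    cannot be compared to each other; each must be verified individually."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of the candidate against a stored (salt, digest) pair."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)  # newest first
    failures: int = 0
    locked_until: float = 0.0


class PasswordPolicy:
    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self.clock = clock
        self.accounts: Dict[str, Account] = {}

    def set_password(self, user: str, new_password: str) -> List[str]:
        """Apply the complexity and history rules; returns the violations (empty on success)."""
        acct = self.accounts.setdefault(user, Account())
        errors = complexity_errors(new_password)
        if any(verify(new_password, s, d) for s, d in acct.history):
            errors.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
        if errors:
            return errors
        acct.history.insert(0, hash_password(new_password))
        del acct.history[HISTORY_DEPTH:]   # keep exactly the policy's history depth
        return []

    def authenticate(self, user: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'. A correct password is still rejected
        while a lockout is in force; that is the point of the control."""
        now = self.clock()
        acct = self.accounts.get(user)
        if acct is None or not acct.history:
            return "denied"            # unknown user is indistinguishable from a wrong password
        if now < acct.locked_until:
            return "locked"
        if verify(password, *acct.history[0]):
            acct.failures = 0          # a successful login clears the failure counter
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_ATTEMPTS:
            acct.failures = 0
            acct.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"
```

Two points the summary leaves open and the example had to decide: the failure counter here resets only on a successful login or when the lockout fires, because the notes give no separate observation window, and `authenticate` returns a distinct "locked" result for clarity. A production login endpoint would normally show the user the same generic failure message for "denied" and "locked" and record the distinction only in server-side logs, so an attacker cannot use the response to confirm which accounts exist or are under lockout.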
Description
This quiz is a summary of a draft Password and Access Control Policy document for a company, covering user authentication, password requirements, two-factor authentication, and access control measures. It outlines roles and responsibilities, password policies, lockout settings, remote access requirements, and guidelines for handling cardholder data.