Password and Access Control Policy Draft Quiz
Questions and Answers

What version of the Password and Access Control Policy is the document?

  • Version 1.0
  • Version 0.2
  • Version 0.1 (correct)
  • Version 0.5
Which requirement(s) does the policy aim to meet?

  • PCI DSS requirements 7.1 & 7.2 and 8.5 (correct)
  • HIPAA compliance standards
  • ISO 27001 requirement 5.2
  • NIST SP 800-53 controls

Which authentication principle is User Authentication based on?

  • Principle of least privilege and need-to-know basis (correct)
  • Principle of unrestricted access
  • Principle of excessive privilege
  • Principle of shared credentials

Which authentication mechanisms are required for secure authentication?

Operating System, Web, Voice, Email, Fax, White Mail, Remote Access, and Network Device

What action may result from the violation of the policy?

Disciplinary action, including termination of employment

Who needs to approve the deviation from the policy?

Security Management Team and/or Legal Counsel

What type of accounts should be monitored and changed periodically?

Vendors' remote access accounts

What is the basis for assigning unique IDs to all users?

Passwords must not be shared

What is required for remote access to the cardholder network?

Two-factor authentication

Study Notes

Password and Access Control Policy

• The document is a draft version 0.1 of the Password and Access Control Policy.
• The policy is created to meet PCI DSS requirements 7.1 & 7.2 and 8.5.
• It applies to all systems and assets owned, managed, or operated by the organization.
• The roles and responsibilities outlined include HR Role/Line Manager, Information Security Manager, and Systems Administrators.
• User Authentication is based on the principle of least privilege and need-to-know basis.
• Secure mechanisms for authentication are required for Operating System, Web, Voice, Email, Fax, White Mail, Remote Access, and Network Device.
• Passwords must not be shared, and unique IDs are assigned to all users.
• Access Control Configurations specify password requirements, including length, character types, reuse, history, lockout, and duration.
• Two-factor authentication is required for remote access to the cardholder network.
• Vendors' remote access accounts should be monitored and changed periodically.
• Violation of the policy may lead to disciplinary action, including termination of employment.
• Deviation from the policy requires a valid business case and approval by the Security Management Team and/or Legal Counsel.

Description

Test your knowledge on the draft version 0.1 of the Password and Access Control Policy, which is created to meet PCI DSS requirements and specifies rules for user authentication, secure mechanisms, password configurations, and consequences for policy violations.