PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
View Original →
FAQ #1066 Published

Can you define "Inactive User" as used in PCI DSS requirement 8.5.5?

An inactive user is one whose account has not been used in over 90 days. Note that section 8.5 requirements only apply to “non-consumer users” or those individuals that access systems within the cardholder environment, including but not limited to employees, contractors, administrators, and other third parties.

View original on PCI SSC website View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.