FAQ #1067 Diff
Can you provide clarification on the user passwords referenced in PCI DSS 8.5?
Earlier Version:

PCI DSS requirement 8.5 requires that all user passwords be securely managed. These requirements apply to all non-consumer users (not the cardholder) including employees, and administrators, not to credentials supplied by applications or systems. If the passwords are not used by individuals to log on to systems or accounts, and appropriate controls exist to mitigate the risk to passwords, all the requirements in 8.5 may not apply. However, it is an information security best practice to securely manage passwords used by applications and systems, which typically have administrative rights.

Later Version:

PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators. The term "non-consumer user" refers to all individuals, excluding cardholders, who access system components, including employees, administrators, and third parties.
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.