PCI Requirement- 8.5.9.a - 8.5.9.b Change user passwords at least every 90 daysID: oval:org.secpod.oval:def:6385 | Date: (C)2012-07-16 (M)2017-11-20 |
Class: COMPLIANCE | Family: macos |
For a sample of system components, obtain and inspect system configuration settings to verify that user password parameters are set to require users to change passwords at least every 90 days.
For service providers only, review internal processes and customer/user documentation to verify that non-consumer user passwords are required to change periodically and that non-consumer users are given guidance as to when, and under what circumstances, passwords must change.