PCI Compliance Password Requirements | Best Practices to Know

PCI compliance password requirements as mandated by the Payment Card Industry Data Security Standards (PCI DSS) are clearly stated within Requirement 8 of Version 3.0 of the PCI DSS standards. Specifically, the PCI compliance password requirements are the following:

  • Require a minimum length of at least seven characters.
  • Contain both numeric and alphabetic characters.
  • Users to change passwords at least every 90 days.
  • Password parameters are set to require that new passwords cannot be the same as the four previously used passwords.
  • First-time passwords for new users, and reset passwords for existing users, are set to a unique value for each user and changed after first use
  • User accounts are temporarily locked-out after not more than six invalid access attempts.
  • Once a user account is locked out, it remains locked for a minimum of 30 minutes or until a system administrator resets the account.
  • System/session idle time out features have been set to 15 minutes or less.
  • Passwords are protected with strong cryptography during transmission and storage.

The PCI compliance password requirements are relatively straightforward, and can be easily set within any of today’s directory services, such as Active Directory.  For other systems that do not utilize a directory service for authentication, it’s imperative that passwords are established with the above baseline parameters for helping ensure the safety of the cardholder data environment.

One of the biggest mandates facing organizations regarding PCI DSS compliance is documentation – that’s right – you need policies and procedures for helping ensure rapid and swift compliance with the Payment Card Industry Data Security Standards (PCI DSS).  The solutions is to download the professionally developed PCI Policy Packets today from pcipolicyportal.com.

Download PCI Policies and Procedures Today from pcipolicyportal.com

PCI DSS compliance can be an incredibly challenging, tiresome, and time-consuming process, and a large part of this is due to the need for comprehensive information security and operational policies and procedures needing to be developed. Since 2009, we’ve been leading the industry in offering the very best documentation found anywhere, so visit pcipolicyportal.com to learn more today.

To learn more about PCI compliance passwords and how the global experts at pcipolicyportal.com can help your business, download our industry leading PCI DSS Policies Packets today.  From agriculture to information technology, whatever the industry is, pcipolicyportal.com has you covered with the best documentation found anywhere today.

PCI-policy-portal-banner-4

FREE 15 Minute

PCI DSS Consultation

Talk with a licensed team member and get your PCI questions answered

No thank you, I don't have any PCI compliance questions

Book a FREE 15 Minute

PCI DSS Consultation

Talk with a licensed PCI QSA and get your compliance questions answered

100% No Cost & No Obligation