Home page logo

educause logo Educause Security Discussion mailing list archives

PCI SAQ D, version 2.0. requirement 8.5 - two questions.
From: Nick Recchia <nprecchia () USFCA EDU>
Date: Tue, 13 Nov 2012 10:53:22 -0800

We have a couple question regarding PCI SAQ D version 2.0. requirement 8.5.

Requirement 8.5:
"Are proper user identification and authentication management controls in
place for non-consumer users and administrators on all system components,
as follows...." [1]

1) We had proposed to use Active Directory (AD) to manage requirement 8.5.
Does anyone have experience to indicate that AD will *not* work for this

2) Is anyone managing local user accounts, instead of AD user accounts,
within their PCI implementation?

Thanks for your input.


[1] there are 16 sub-requirements (8.5.1 - 8.5.16) that I did not paste
into this e-mail, but maybe found on

Nicholas Recchia, Ed.D.
Security Administrator
ITS - Security Services

University of San Francisco
Lone Mountain North - 236a
2130 Fulton Street
San Francisco, CA 94117
ITS Help Desk, Phone: 415-422-6668, E-mail: itshelp () usfca edu
Fax: 415-422-6719

  By Date           By Thread  

Current thread:
  • PCI SAQ D, version 2.0. requirement 8.5 - two questions. Nick Recchia (Nov 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]