Educause Security Discussion
mailing list archives
PCI SAQ D, version 2.0. requirement 8.5 - two questions.
From: Nick Recchia <nprecchia () USFCA EDU>
Date: Tue, 13 Nov 2012 10:53:22 -0800
We have a couple question regarding PCI SAQ D version 2.0. requirement 8.5.
"Are proper user identification and authentication management controls in
place for non-consumer users and administrators on all system components,
as follows...." 
1) We had proposed to use Active Directory (AD) to manage requirement 8.5.
Does anyone have experience to indicate that AD will *not* work for this
2) Is anyone managing local user accounts, instead of AD user accounts,
within their PCI implementation?
Thanks for your input.
 there are 16 sub-requirements (8.5.1 - 8.5.16) that I did not paste
into this e-mail, but maybe found on
Nicholas Recchia, Ed.D.
ITS - Security Services
University of San Francisco
Lone Mountain North - 236a
2130 Fulton Street
San Francisco, CA 94117
ITS Help Desk, Phone: 415-422-6668, E-mail: itshelp () usfca edu
- PCI SAQ D, version 2.0. requirement 8.5 - two questions. Nick Recchia (Nov 13)