We are using the SEM for our PCI DSS. The auditor requires us to show/provide evidence that our SEM has the normal Windows/server security (see below).
To be PCI compliant, organizations must follow these password requirements:
- Passwords/passphrases must have a minimum length of seven characters.
- Passwords/passphrases must contain both numbers and alphabetic characters.
- Users are required to change passwords/passphrases at least every 90 days.
- Password/passphrase parameters must be set to require the new password/passphrase to be different from the previous four passwords/passphrases.
- First-time passwords/passphrases for new users and reset passwords/passphrases for existing users must be unique to each user and changed after the first use.
- Limit repeated access attempts by locking out the user ID after not more than six attempts.
- Once a user is locked out of his account, the account remains locked for a minimum of 30 minutes or until a system administrator resets the account.
- Vendor-supplied defaults for system passwords/passphrases are not allowed.
- Passwords/passphrases must be encrypted during transmission and storage.
2) Is there a daily report in the SEM that gives management an executive summary of what happened?