PCI Requirements Review: Service Accounts and 3.6.6 standard
It’s time for the next of ten posts with a detailed analysis of a PCI Requirement! So far we’ve discussed PCI Requirement 4.1 and mobility, Sampling, and Patching & IPS. If you have a requirement you want reviewed, post it here! Today, it’s fun with a very specific interpretation, but I think we can cover this in a way that will be functional in most (if not all) modern setups. Now, on to our submitter: Requirement 3.6.6 – Specifically related to service accounts for applications where a human would have the service account password and the service account can then access the keys. There are two security controls that we discuss in our critical control checklist that are missing ...