[sap-security] SAP and PCI Compliance

Posted by Admin at

Share this post:

0 Comments

Question from mjc on Jul 2 at 10:40 AM

PCI requirement 8.2.4 requires users to change passwords at least every 90 days. We have established the necessary profile parameters in SAP to enforce this for all "dialog" users. The question we have now is if this requirement also applies to "system" users (i.e., accounts used in RFC connections, etc). Does anyone know of any documentation that addresses this specific issue. My take on it is that as long as the password for the "system" user meets the PCI length/strength requirements, there is no need to enforce a "change password every 90 days" rule on these types of user accounts. Doing so creates more risk than benefit as you would then have to modify RFC connections, etc every 90 days. Thoughts?

Thanks,
Michael

Reply to this email to post your response.

__.____._

Manage Settings | Unsubscribe | Create FAQ | Send Feedback

mjc

1 achievement

	View this online
	Ask a new question

In the Spotlight

Earn Recognition for Your Contributions at Toolbox for IT. Gain Points for Community Achievements

_.____.__

SAP Library - Find your answers

Grab this WidgetYou can show more than 5 recent posts using this simple blogger widget by Nitesh KOthari at Wolverine Hakcs.

Click on more Feeds rss Most Popular

More ?This is SAP books Best Buy section. Click on the pics below to check more on the best SAP books.

Click on more to know more about such productsSAP Chat Room

More ?These are the Recommended products from SAP OSS Notes Team

Click on more to see more such downloadsRecommended