[PCI DSS 3.0] [PCI DSS 3.0] 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of in

pcinetwork

PCINetwork.org Admin
#1
12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity

12.3.8.a Verify that the usage policies require automatic disconnect of sessions for remote-access technologies after a specific period of inactivity.

12.3.8.b Examine configurations for remote access technologies to verify that remote access sessions will be automatically disconnected after a specific period of inactivity.

Remote-access technologies are frequent "back doors" to critical resources and cardholder data. By disconnecting remote-access technologies when not in use (for example, those used to support your systems by your POS vendor, other vendors, or business partners), access and risk to networks is minimized.
 
Top