Chapter 9: Policy and Compliance
Solution to Activity 9.1: Policy Documents
| Document type | Description |
| --- | --- |
| Policy | Provides high-level requirements for a cybersecurity program |
| Standard | Offers detailed requirements for achieving security control objectives |
| Guideline | Includes advice based on best practices for achieving security goals; compliance is not mandatory |
| Procedure | Outlines a step-by-step process for carrying out a cybersecurity activity |
Solution to Activity 9.3: Compliance Auditing Tools
The testing procedures for PCI DSS requirement 8.2.3 instruct auditors to inspect system configuration settings and verify that the user password/passphrase requirements are set to require a minimum length of at least seven characters and to require that passwords contain both alphabetic and numeric characters.