Privileged Password Compliance & Regulatory Guidelines

NIST 800-66
PCI DSS v3
Lesson Policy Description HIPAA Security HIPAA Section ISO 17799/27001
Section
Rule
Create User Account Password Complexity 8.2.3 164.308(a)(5)(ii)(D) 11.2.2, 11.3.1, 12.1.1

Create Privileged Account Password Complexity 8.2 11.3.1

Integration with Strong Authentication
Create 8.3 & 8.2.2 11.5.1
Methods
Create Maximum Login Attempts 8.1.6 164.308(a)(5)(ii)(D) 11.2.2, 11.3.1, 12.1.1

Create Lockout Duration 8.1.7 164.312(a)(1) 11.2.2, 11.3.1, 12.1.1

Create Privileged Account Construction 4.14.3 164.312(a)(4) 11.5.2

Store Central Automated Management 8.5 4.14.5 164.312(a)(4) 11.5.3

Store Password Vault Encryption 8.2.1 11.5.3

Access Role-Based Account Privileges 7.1.2, 7.1.3 11.2.2

Use Privileged Account Approval 4.14.6 164.312(a)(4) 11.2.4, 12.5.1

Rotate User Account Password Changes 8.2.4 164.308(a)(5)(ii)(D) 11.2.2, 11.3.1, 12.1.1

Rotate Privileged Account Password Changes 8.2.4 164.308(a)(5)(ii)(D) 11.2.2, 11.3.1, 12.1.1

Review Privileged Account Inventory 4.16.1 164.312(c)(1) 8.3.3, 11.2.4

Review Inactive Account Maintenance 8.1.4 8.3.3

Review Privileged User ID Activity Logging 8.1.2 4.15.1, 4.14.2, 4.14.4 164.312(b) 11.5.2

Review Password History 8.2.5 164.308(a)(5)(ii)(D) 11.2.2, 11.3.1, 12.1.1