PCI audit for domain administrators

Tags:
Domain Controller
PCI compliance
System administrator
Our client is currently a Tier 1 PCI company and our auditor made a suggestion in regards to us as System Administrators / access rights. Right now, our entire Windows infrastructure is about 700 desktops and 80 servers, along with 10 domain controllers. Now, they're saying we should move to a system with three separate accounts, like this:
    • DOMAIN.CO.UK\UserWS (WorkStations)
    • DOMAIN.CO.UK\UserSRV (DC servers)
    • DOMAIN.CO.UK\UserDC (Domain controllers)
Does this sound like a good idea to everyone? Thanks!
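The separation the question describes only holds up if each person's Tier-0 (DC), server and workstation rights really live in different accounts, and if those accounts are named so the tier is visible. An audit script can check both. The following PowerShell is an added example for this thread, not something posted by the asker or the auditor. It assumes the ActiveDirectory module (RSAT) is available, that the suffixes WS / SRV / DC on the account name follow the question's convention, and that the server and workstation tiers are represented by AD groups named `Server Admins` and `Workstation Admins` (assumed names; `Domain Admins` is the real built-in group).

```powershell
# Added audit example (not from the original thread). Assumes the ActiveDirectory
# module and the WS / SRV / DC name suffixes from the question. The SRV and WS
# group names are assumptions; adjust them to the groups actually used.
Import-Module ActiveDirectory

# Tier suffix -> group that grants admin rights in that tier
$tiers = @{
    'DC'  = 'Domain Admins'        # Tier 0: domain controllers (built-in group)
    'SRV' = 'Server Admins'        # Tier 1: member servers (assumed group name)
    'WS'  = 'Workstation Admins'   # Tier 2: workstations (assumed group name)
}

function Get-TierMembership {
    # One row per (account, tier) pair, with a flag showing whether the
    # account name carries the suffix of the tier it holds rights in.
    foreach ($suffix in $tiers.Keys) {
        $group = $tiers[$suffix]
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object {
                [pscustomobject]@{
                    Account = $_.SamAccountName
                    Tier    = $suffix
                    Group   = $group
                    NameOk  = ($_.SamAccountName -like "*$suffix")
                }
            }
    }
}

$rows = Get-TierMembership

# Finding 1: accounts whose name does not reveal the tier they are in.
# These are the ones a reviewer (or an auditor) cannot classify at a glance.
Write-Host "Accounts not following the tier naming convention:"
$rows | Where-Object { -not $_.NameOk } |
    Format-Table Account, Tier, Group -AutoSize

# Finding 2: one account holding rights in more than one tier.
# This is the condition the three-account model is meant to eliminate: a
# credential used on a workstation that also administers domain controllers.
Write-Host "Accounts spanning more than one tier:"
$rows | Group-Object Account | Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        [pscustomobject]@{
            Account = $_.Name
            Tiers   = ($_.Group.Tier | Sort-Object -Unique) -join ', '
        }
    } | Format-Table -AutoSize
```

Run it from a management host with the AD module installed; the second table is the one to clear first, since every account listed there is a single credential that would expose Tier-0 if it were phished or dumped from a workstation.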

Answer Wiki


It’s indeed a good idea from a security perspective. In fact, ISMS certification also recommends implementing this type of environment in the organization.

Discuss This Question: 2 Replies

  • Kevin Beaver
    Whatever the auditors say in the name of compliance is always what's best, no? Sarcasm aside, it's not a bad idea if gaps or risks have been uncovered in that area.
  • Kevin Beaver
    Looking at this again, you need to consider the technical and business case. Is this being done in order to protect cardholder information accessible by these accounts? If so, can technical changes be made to the network as an alternative control?
