Which timing requirement applies to removing or disabling inactive user accounts?

Prepare for the PCI Data Security Standard Test with our quiz. Use flashcards and multiple-choice questions to learn each concept. Get ready to excel in your examination!

Multiple Choice

Which timing requirement applies to removing or disabling inactive user accounts?

Explanation:
Prompt deprovisioning of inactive user accounts is essential to minimize access risk. PCI DSS requires that inactive accounts be removed or disabled within 90 days, so unused credentials cannot be exploited. This 90-day timing strikes a balance between security and operational practicality, keeping access tightly controlled while avoiding excessive administrative burden. Longer windows, such as 180 or 365 days, leave a larger opportunity for misuse, and taking no action at all leaves unnecessary risk in place. So, removing or disabling inactive accounts within 90 days is the best practice.