this post was submitted on 22 Jan 2024
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/lighthills on 2024-01-22 15:36:18+00:00.


For years, NIST has recommended against requiring password changes on an arbitrary schedule. However, there are caveats requiring controls on the quality of the passwords (beyond just upper/lower/special character etc.) and you are required to have methods in place to detect compromised passwords so you will immediately know when the password needs to be changed due to a breach. If you don't have that in place, you still need to rotate the passwords regularly when following NIST.

I heard that PCI no longer requires maximum password age limits. What's still left?
