Password history storage. 2764
superkhoolguy last edited by
Does Sarbanes-Oxley say anything specific about storing password history?
We are doing password rotation every x days and keeping a previous 3 most recent passwords.
Any help in this regard is appreciated.
gmerkl last edited by
No. SOX does not contain any specific requirements concerning IT security.
kymike last edited by
I agree with gmerkl. I will add that SOX has no specific requirements about any controls. However there are best practices within the IT environment that should be followed. Having lax standards in your IT environment would constitute a SOX deficiency.
harrywaldron last edited by
Also agree with both comments above … COBIT 4 is often used by SOX auditors for IT controls compliancy checklists and will share this resource.