Password history storage.
-
Hello,
Does Sarbanes-Oxley say anything specific about storing password history?
We are doing password rotation every x days and keeping the previous 3 most recent passwords.
Any help in this regard is appreciated.
Thanks,
SKG.
-
No. SOX does not contain any specific requirements concerning IT security.
-
I agree with gmerkl. I will add that SOX has no specific requirements about any controls. However, there are best practices within the IT environment that should be followed. Having lax standards in your IT environment would constitute a SOX deficiency.
-
Also agree with both comments above … COBIT 4 is often used by SOX auditors for IT controls compliance checklists and will share this resource.
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1920