top of page
< Back

2.1 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters


Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network.

This applies to ALL default passwords, including but not limited to those used by operating systems, software that provides security services, application and system accounts, point-of-sale (POS) terminals, payment applications, Simple Network Management Protocol (SNMP) community strings, etc.).

bottom of page