top of page
< Back

2.2 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID

PCI DSS

(v3.2.1)

2.2

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

(v3.2.1)

Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.

Sources of industry-accepted system hardening standards may include, but are not limited to:
• Center for Internet Security (CIS)
• International Organization for Standardization (ISO)
• SysAdmin Audit Network Security (SANS) Institute
• National Institute of Standards Technology (NIST).

bottom of page