5 followers Follow
3
Avatar

PCI DSS - Two factor authentication report

Hi P9,

The PCI DSS certificate request two factor authentication to access administration environment. We need to prove for the auditor this is used by all of our P9 users, but this information is not visible in the users section/user details and neither in the API.

 

Please implement at least to see this is turned in or not on the users section.

Thank you in advance!

Istvan

Istvan Papp

Please sign in to leave a comment.

3 comments

0
Avatar

I also have a similar requirement.

ISO 27001

A.12.4.1 / 12.4.2 / 12.4.3

Has a requirement for log retention for users and also administrator access. We need to be able to report events, demonstrate logins and remote access attempts. P9 only supports a short period of logging (7 days).

This means we have to develop a tool to poll logins and store the results in a separate system.

We would request that P9 increase the logging functionality and retention period for:

- User Logins

- Remote Access 

Thanks

Joe Hughes 0 votes