How to configure and resolve workflow checks for maintaining password policy for critical systems
Per the PCI-DSS data security framework, a robust password policy is required to maintain secure access to critical systems containing Cardholder Details (CHD). The following outlines the specific password requirements mandated by PCI-DSS:
Require Uppercase Characters: Ensure at least one uppercase character is included in the password. (Default = true)
Require Lowercase Characters: Mandate at least one lowercase character in the password. (Default = true)
Require Numbers: Enforce the inclusion of at least one numerical digit in the password. (Default = true)
Minimum Password Length: Set the minimum length for passwords. (Default = 7 or longer)
Password Reuse Prevention: Specify the number of unique passwords before permitting reuse. (Default = 4)
Max Password Age: Define the number of days before a password expires. (Default = 90)
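An added example, not Sprinto's code: one way to compare a system's exported policy with the requirements listed above before capturing evidence. It assumes the critical system is an AWS account whose policy was exported with `aws iam get-account-password-policy`; the sample JSON is constructed, and the thresholds are the defaults listed above.

```python
import json

# Thresholds taken from the requirement list above.
MIN_LENGTH = 7
MIN_REUSE_PREVENTION = 4
MAX_AGE_DAYS = 90

def audit_password_policy(policy):
    """Return a list of findings; an empty list means every requirement is met.

    `policy` is the "PasswordPolicy" object from the assumed AWS export.
    Keys that the export omits are treated as "not enforced".
    """
    findings = []
    for key, label in (
        ("RequireUppercaseCharacters", "uppercase characters"),
        ("RequireLowercaseCharacters", "lowercase characters"),
        ("RequireNumbers", "numbers"),
    ):
        if policy.get(key) is not True:
            findings.append(f"{label} not required")

    length = policy.get("MinimumPasswordLength", 0)
    if length < MIN_LENGTH:
        findings.append(f"minimum length {length} is below {MIN_LENGTH}")

    reuse = policy.get("PasswordReusePrevention", 0)
    if reuse < MIN_REUSE_PREVENTION:
        findings.append(f"reuse prevention {reuse} is below {MIN_REUSE_PREVENTION}")

    # A missing or zero MaxPasswordAge means passwords never expire.
    age = policy.get("MaxPasswordAge", 0)
    if age == 0:
        findings.append(f"passwords never expire; max age must be {MAX_AGE_DAYS} days or less")
    elif age > MAX_AGE_DAYS:
        findings.append(f"max password age {age} exceeds {MAX_AGE_DAYS} days")
    return findings

# Constructed sample export, not taken from a real account.
SAMPLE = json.loads("""
{"PasswordPolicy": {"MinimumPasswordLength": 6, "RequireSymbols": false,
 "RequireNumbers": true, "RequireUppercaseCharacters": true,
 "RequireLowercaseCharacters": false, "ExpirePasswords": false,
 "PasswordReusePrevention": 4}}
""")

if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE["PasswordPolicy"]):
        print("FAIL:", finding)
```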
Before You Begin
Log in to Sprinto as an administrator.
Configuring Workflow Check
Go to Security Hub > Workflow Checks.
Click on Add Workflow Check.
Locate Password Policy for Critical Systems Holding CHD in the workflow checklist and click Enable.
On the Add Workflow Check page, click Edit to adjust the check frequency and assign personnel or configure an evidence reviewer if necessary.
Note: The default frequency for the workflow check is every six months. You can customize the frequency as per your requirements.
Resolving Check
Once the check is activated, it will be in a "Due/Critical/Failing" status. To pass the check, upload the relevant evidence; the status is then updated to "Passing."
Evidence: Upload a screenshot of the password policy that ensures the secure management of passwords for critical systems containing CHD.
Log in to the Sprinto Admin portal and go to Security Hub > Workflow Checks > Active.
Select the Password Policy for Critical Systems Holding CHD check.
Click Upload Evidence.
Choose the Evidence Record Date and opt for either the File or Link attachment option.
File: Upload the file from your computer.
Link: If the evidence is stored online, provide the shareable link.
Click Finish.