Comment by tlogan
2 days ago
Sure. All true. But PCI compliance requires 90-day password rotation, which might not be required if you’re using multi-factor authentication (MFA). In other words, in the case of MFA, that requirement might be waived, and the operative word here is might.
So, if you’re pursuing PCI compliance, people don’t rely on assumptions or conditional language like might. Certainty is key when dealing with compliance frameworks.