PCI Requirement 2
Do Not Use Vendor-Supplied Defaults
Welcome to PCI Requirement 2. Did you know that vendor-supplied default information, such as account names and passwords, pose a serious threat to your organization’s security? Yes, vendor-supplied defaults might make installation or even support easier, but they also make it pretty simple for hackers to find the information needed to attack and exploit your system. How can we prevent this?
PCI Requirement 2 was created to help organizations fight hackers who try to compromise systems with vendor-supplied default information. In these videos, you will learn strategies for changing vendor-supplied defaults, implementing industry-accepted hardening standards, removing all unnecessary functionality, maintaining an inventory of your system components, and more. Click on a video below to get started with PCI Requirement 2.

Introduction to PCI Requirement 2

PCI Requirement 2.1 – Always Change Vendor-Supplied Defaults

PCI Requirement 2.1.1 – Change all Wireless Vendor Defaults

PCI Requirement 2.2 – Develop configuration standards for all system components

PCI Requirement 2.2.1 – Implement Only One Primary Function Per Server

PCI Requirement 2.2.2 – Enable Only Necessary Services, Protocols and Daemons

PCI Requirement 2.2.3 – Implement Additional Security Features

PCI Requirement 2.2.4 – Configure System Security Parameters to Prevent Misuse

PCI Requirement 2.2.5 – Remove all Unnecessary Functionality

PCI Requirement 2.3 – Encryption
PCI Requirement…

PCI Requirement 2.4 – Maintain an Inventory of In-Scope System Components

PCI Requirement 2.5 – Ensure Security Policies Are Known to All Affected Parties
