On 20/01/2011 13:12, Adam Tauno Williams wrote:
On Thu, 2011-01-20 at 11:05 +0000, John Hodrien wrote:An account is a personal account that should not be shared.+1 Also, at least in the United States, locking a PC / workstation after 15 minutes of idle is a requirement of PCI/DSS - which your company almost certainly agreed to if you process credit card or other payment information. HIPPA, FERPA, and friends have similar requirements / strong-recommendations. Ask a competent lawyer and he'll/she'll tell you to lock unattended workstations. This has nothing to do with auditing the access to or usage of data - that is a separate issue.
Yes, what you mention then becomes a legal compliance issue.Note, however, that many small companies completely outsource credit card payment by using third-party processing (e.g. Worldpay). This means they have no card data environment and don't need to comply with PCI/DSS in their offices. Even companies that do in-house card payment processing only have to enforce PCI/DSS in their CDE.
I can't speak for HIPPA, SOX etc... but automatic locking is part of IT best practice.
-- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: giles@xxxxxxxxxxx Skype: gilescoochey
<<attachment: smime.p7s>>
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
