[PCI DSS 3.0] 12.5.4 Administer user accounts, including additions, deletions, and modifications.

[READ-ONLY] Archives [RETIRED] PCI DSS v3.0 Questions and Answers Forum Maintain an Information Security Policy (Requireme
1

12.5.4 Administer user accounts, including additions, deletions, and modifications.

12.5.4 Verify that responsibility for administering (adding, deleting, and modifying) user account and authentication management is formally assigned.

Each person or team with responsibilities for information security management should be clearly aware of their responsibilities and related tasks, through specific policy. Without this accountability, gaps in processes may open access into critical resources or cardholder data.