,欢迎您!
登录您的红帽帐户
尚未注册?下面是您应该进行注册的一些理由:
- 从一个位置浏览知识库文章、管理支持案例和订阅、下载更新以及执行其他操作。
- 查看组织内的用户,以及编辑他们的帐户信息、偏好设置和权限。
- 管理您的红帽认证,查看考试历史记录,以及下载认证相关徽标和文档。
您可以使用红帽帐户访问您的会员个人资料、偏好设置以及其他服务,具体决取决于您的客户状态。
出于安全考虑,如果您在公共计算机上通过红帽服务进行培训或测试,完成后务必退出登录。
退出红帽博客
Blog menu
This is my sixth post dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement seven (i.e. the requirement to restrict access to cardholder data by business need to know). The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.
Section 7 of the PCI DSS standard talks about access control and limiting the privileges of administrative accounts. IdM can play a big role in addressing these requirements. IdM provides several key features that are related to access control and privileged account management. The first one is
host-based-access-control (HBAC). With HBAC, one can centrally define which groups of users can access which groups of systems using which login services. Another feature is an ability to centrally define sudo rules that control which users can run which commands on which systems as other users (usually as root). Yet another capability worth mentioning is the ability to define how user account are mapped to the SELinux user. Using this feature one can, for example, prevent developer accounts from touching executables on production machines while still enabling them read access to some of the parts of the application data and log(s) for better troubleshooting of potential bugs or misconfigurations.
Questions about how Identity Management relates to requirement seven? Reach out using the comments section (below).