Security Preferences

The bomb advises you about potential problems and helps you steer clear of disaster. Be extremely careful when changing this setting. Changing the parameter setting will have a very strong impact on the system's functionality. It may cause the system to produce incorrect financial and statistical figures, and the system may even stop working properly. Do not change the parameter if you are not absolutely sure what you are doing. Contact your system vendor first!

The Security page is used to specify password requirements, user settings, and the retention of credit card numbers when tokenization is not enabled.


PCI / PABP Settings (from version 10.1 PCI or 10.2).

Strong Password Check

A password that contains both alphabetic (upper- and lower-case) and numeric characters, with optional special characters. A strong password is defined in PCI DSS section 8.5.11.

  • PCI configurations: this setting cannot be disabled.

  • Non PCI: all passwords are allowed.

Minimum password length

The minimum number of characters in the password.

  • PCI configurations: 7-99 characters (PCI DSS section 8.5.10).

  • Non PCI: 0-99 characters, but a minimum of one character is enforced even when set to 0.

Number of days a password is valid

The number of days after which a user will be forced to change her or his password (0-99). The maximum value is 90. Users may change passwords ahead of time, after which a new validity window starts.

  • PCI configurations: 1-90 days (PCI DSS section 8.5.9).

  • Non PCI: 1 to 99 days. Password never expires if set to 0.

Number of history passwords to check

A new password may not be the same as any of the most recently used passwords; this setting specifies how many of them are checked.

  • PCI configurations: 4-9 passwords (PCI DSS section 8.5.12).

  • Non PCI: 0-9 passwords. No validation if set to 0.

Number of login attempts before lock out

Indicates the maximum number of login attempts with incorrect user credentials after which the user will be locked out for a configurable period of time. A successful login resets the number of login attempts to 0.

  • PCI configurations: 2-6 attempts (PCI DSS section 8.5.13).

  • Non PCI: 2-9 attempts.

Number of minutes a user is locked out after a failed login

If a user attempts to log in too often with incorrect credentials, that user will be locked out for the specified number of minutes. A system administrator can clear the lock-out status by changing the status of the user back to 'Active' in the user definition.

  • PCI configurations: 30-999 minutes (PCI DSS section 8.5.14).

  • Non PCI: 0-999 minutes. No lock-out if set to 0.

Number of inactivity minutes before a user is logged out

Users will be required to reconfirm their login after a period of system inactivity.

  • PCI configurations: 5-15 minutes (PCI DSS, section 8.5.15).

  • Non PCI: 0-999 minutes. No reconfirmation required if set to 0.

Number of account inactivity days before account is disabled

A user account that has not been used for a number of days will be disabled and denied access to PMPRO. A system administrator can clear lock-out status by changing the status of the user back to 'Active' in the user definition.

  • PCI configurations: 14-90 days (PCI DSS section 8.5.5).

  • Non PCI: 14-999 days.

Cleanup CC numbers after ... days

This setting specifies the number of days after check-out after which credit card details are purged from the history. The setting is applied at the time of Night Audit.

60-999 days.

  • PCI configurations: 60-999 days. PCI Data Security Standards do not dictate a certain value for data retention.

  • Non PCI: 60-999 days.

Log to event log

Not in use anymore. This is handled by the 'Amadeus_ProgramSetting_SwitchOnLogging.exe' in the ..\PMS folder.
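A way to audit a set of configured values against the ranges listed above, as an added example that is not part of the product or of this page's original text. The setting key names and the sample values are assumptions made for the illustration; the ranges and the effects of a 0 value are the ones documented above.

```python
# Added example: ranges transcribed from this page. Key names are hypothetical.
# Entry: (PCI min, PCI max, non-PCI min, non-PCI max, effect of 0 in non-PCI mode or None)
RANGES = {
    "min_password_length":     (7, 99, 0, 99, "one character is still enforced"),
    "password_valid_days":     (1, 90, 1, 99, "password never expires"),
    "password_history":        (4, 9, 0, 9, "no history validation"),
    "login_attempts":          (2, 6, 2, 9, None),
    "lockout_minutes":         (30, 999, 0, 999, "no lock-out"),
    "idle_logout_minutes":     (5, 15, 0, 999, "no reconfirmation required"),
    "account_inactivity_days": (14, 90, 14, 999, None),
    "cc_cleanup_days":         (60, 999, 60, 999, None),
}

def audit(settings, pci):
    """Return a sorted list of (setting, kind, detail) findings."""
    findings = []
    if pci and not settings.get("strong_password_check", False):
        findings.append(("strong_password_check", "out_of_range",
                         "cannot be disabled in a PCI configuration"))
    for name, (p_lo, p_hi, n_lo, n_hi, zero_effect) in RANGES.items():
        if name not in settings:
            findings.append((name, "missing", "no value supplied"))
            continue
        value = settings[name]
        if pci:  # PCI mode: only the PCI range is acceptable
            if not p_lo <= value <= p_hi:
                findings.append((name, "out_of_range", f"{value} not in {p_lo}-{p_hi}"))
            continue
        if value == 0 and zero_effect:  # 0 is accepted but changes behaviour
            findings.append((name, "zero_effect", zero_effect))
        elif not n_lo <= value <= n_hi:
            findings.append((name, "out_of_range", f"{value} not in {n_lo}-{n_hi}"))
        elif not p_lo <= value <= p_hi:  # valid here, but not under PCI
            findings.append((name, "outside_pci_range", f"{value} not in {p_lo}-{p_hi}"))
    return sorted(findings)

# Constructed sample, not taken from a real installation.
SAMPLE = {
    "strong_password_check": False, "min_password_length": 6,
    "password_valid_days": 0, "password_history": 4, "login_attempts": 8,
    "lockout_minutes": 30, "idle_logout_minutes": 20,
    "account_inactivity_days": 90, "cc_cleanup_days": 45,
}

if __name__ == "__main__":
    for mode in (True, False):
        print("PCI" if mode else "Non PCI")
        for finding in audit(SAMPLE, mode):
            print("  ", *finding)
```

In non-PCI mode the "outside_pci_range" findings show which values would have to change before the installation is switched to a PCI configuration.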


OK

Save the changes in the Preferences

Cancel

Close the preferences without saving

Apply

Apply changes without closing the preferences