PCI (Payment Card Industry Security Standard)_Req 2.2.5

PCI (Payment Card Industry Security Standard)

Do not use vendor-supplied defaults for system passwords and other security measures

Req 2.2.5

2.2.5 Remove all unnecessary functionality such as scripts drivers features subsystems file systems and unnecessary web servers.

Unnecessary functions can provide additional opportunities for malicious individuals to gain access to a system. By removing unnecessary functionality organizations can focus on securing the functions that are required and reduce the risk that unknown functions will be exploited. Including this in server-hardening standards and processes addresses the specific security implications associated with unnecessary functions (for example by removing/disabling FTP or the web server if the server will not be performing those functions).


Click here to Start your FREE trial today!

Explainer video


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:

Click here to Start your FREE trial today!

Explainer video