Cisco Support Community

Password History Validation - ACS for Windows 4.2.x


I'm evaluating the Secure ACS for Windows v4.2 platform against PCI DSS v2.0, specifically the "Implement Strong Access Control Measures" section.

We currently run version 4.0(1) Build 27 and use local user and password management.

For a variety of reasons I'd prefer to maintain this approach rather than pursue integration with an external identity store such as AD, but I need to know whether or not the in-built password validation options are stringent enough to meet all of the relevant requirements.

I believe from the research I've done so far that version 4.2.x should meet the majority, but there is one in particular about validation of previously used passwords that I'm still unclear on.

In the "Local Password Management" section of the ACS 4.2.1 User Guide (Text Part Number: OL-20208-01) it states that the password validation options include "Password is different from the previous value".

The PCI standard states: "Do not allow an individual to submit a new password that is the same as any of the last four passwords he or she has used."

Q) How many previous passwords is the newly submitted password validated against? Is it just the last one or will it check against more? Is there any way to configure how many it checks against?

Any help or guidance very much appreciated.


