If you are subject to PCI DSS then you have PCI DSS audits (and no, I am not an expert on the details).
Like any other audit standard -- maybe they catch you and maybe they don't. My *perception* is that the standard is aimed at a situation you may have seen: a retail store or similar that has some sort of management software and for reasons of laziness, ignorance or limited licensed seats every clerk is using the same login. RACF userids don't cost anything -- why would you not create one (or more) for each user? I suppose there are ISV products that are licensed by the named seat. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Pommier, Rex Sent: Wednesday, February 16, 2022 2:41 PM To: [email protected] Subject: Re: [EXTERNAL] Re: How to Get UserID in non-TSO REXX It probably is but PCI DSS is a standard. How does one electronically enforce it? My security team can have everybody sign a statement saying they won't share their ID/password with their buddy at the next desk but that won't physically stop them. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
