Compliance standards definition
PCI compliance involves several requirements; refer to this page for a definition of PCI and an outline of its requirements.
The PCI standard requires certain security features to be enabled for an account to be compliant. These features aim to reduce access exposure as much as possible.
- User accounts are disabled after 90 days of inactivity.
- Console sessions are terminated after 15 minutes of inactivity, requiring the user to start a new session by logging into the console again.
- Console sessions are terminated after 30 minutes of inactivity or until an administrator enables the user ID.
- User passwords should be changed every 90 days at minimum.
- When changing passwords, the last 5 passwords cannot be used. Instaclustr recommends choosing a password that is not similar to any of the last 5.
- Five consecutive failed login attempts in a 30-minute period will result in a lockout for 30 minutes, counting from the last attempt. A user who is locked out will be prevented from logging in during this time.
- Remote-access sessions are automatically disconnected after a 15-minute period of inactivity.
- These security options are mandatory for PCI compliant accounts. Once enabled, disabling the PCI option requires the Technical Operations department to confirm the intent to disable.
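As an added example (not Instaclustr's own code), the Python below applies the thresholds listed above to a constructed account record: the inactivity disable, the 15-minute idle timeout, the 90-day password age, the five-password history, and the lockout rule of five consecutive failures within 30 minutes that locks the account for 30 minutes from the last attempt. The `Account` shape, the function names and the sample data are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Thresholds exactly as listed in the PCI requirements above.
INACTIVITY_DISABLE_AFTER = timedelta(days=90)
IDLE_SESSION_TIMEOUT = timedelta(minutes=15)   # console and remote-access sessions
PASSWORD_MAX_AGE = timedelta(days=90)
PASSWORD_HISTORY_DEPTH = 5
LOCKOUT_FAILURES = 5
LOCKOUT_WINDOW = timedelta(minutes=30)
LOCKOUT_DURATION = timedelta(minutes=30)


@dataclass
class Account:
    """Constructed account record; a hypothetical shape, not Instaclustr's data model."""
    user_id: str
    last_login: datetime
    password_set_at: datetime
    # Opaque hashes of previous passwords, oldest first. A real system stores
    # bcrypt/argon2 verifiers; this example only compares the stored strings.
    password_hashes: List[str] = field(default_factory=list)
    # Timestamps of consecutive failed logins; a successful login clears the list.
    failed_logins: List[datetime] = field(default_factory=list)


def disabled_for_inactivity(acct: Account, now: datetime) -> bool:
    """90 days without a login disables the account."""
    return now - acct.last_login >= INACTIVITY_DISABLE_AFTER


def session_idle_expired(last_activity: datetime, now: datetime) -> bool:
    """15 minutes of inactivity terminates a console or remote-access session."""
    return now - last_activity >= IDLE_SESSION_TIMEOUT


def password_expired(acct: Account, now: datetime) -> bool:
    """Passwords must be changed at least every 90 days."""
    return now - acct.password_set_at >= PASSWORD_MAX_AGE


def password_reused(acct: Account, candidate_hash: str) -> bool:
    """A new password may not match any of the last five."""
    return candidate_hash in acct.password_hashes[-PASSWORD_HISTORY_DEPTH:]


def lockout_until(failed_logins: List[datetime], now: datetime) -> Optional[datetime]:
    """Return when the lockout ends, or None if the account is not locked.

    Five consecutive failures whose first and last fall within 30 minutes lock
    the account for 30 minutes counted from the last of those failures.
    """
    if len(failed_logins) < LOCKOUT_FAILURES:
        return None
    burst = sorted(failed_logins)[-LOCKOUT_FAILURES:]
    if burst[-1] - burst[0] > LOCKOUT_WINDOW:
        return None
    ends = burst[-1] + LOCKOUT_DURATION
    return ends if now < ends else None


def record_login_attempt(acct: Account, when: datetime, succeeded: bool) -> str:
    """Apply one login attempt and return 'locked', 'ok' or 'failed'.

    Attempts made while locked are rejected outright, even with the correct
    password, and are not counted against the failure history.
    """
    if lockout_until(acct.failed_logins, when) is not None:
        return "locked"
    if succeeded:
        acct.failed_logins.clear()
        acct.last_login = when
        return "ok"
    acct.failed_logins.append(when)
    return "failed"


def evaluate(acct: Account, now: datetime) -> List[str]:
    """Collect the PCI findings that currently block this account from logging in."""
    findings = []
    if disabled_for_inactivity(acct, now):
        findings.append("disabled: no login in 90 days")
    if password_expired(acct, now):
        findings.append("password expired: older than 90 days")
    ends = lockout_until(acct.failed_logins, now)
    if ends is not None:
        findings.append(f"locked out until {ends:%Y-%m-%d %H:%M}")
    return findings


if __name__ == "__main__":
    # Constructed sample: a user who fails five times in five minutes.
    t0 = datetime(2024, 1, 1, 12, 0)
    alice = Account("alice", t0 - timedelta(days=10), t0 - timedelta(days=30),
                    password_hashes=["h1", "h2", "h3", "h4", "h5", "h6"])
    for minute in range(5):
        record_login_attempt(alice, t0 + timedelta(minutes=minute), False)
    print(evaluate(alice, t0 + timedelta(minutes=10)))  # locked until 12:34
```

The lockout check looks at the span between the first and last of the most recent five failures rather than at how old they are relative to the current time, which is what "consecutive attempts in a 30-minute period, counting the lockout from the last attempt" requires; measuring from the current time instead would let a locked account unlock early.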
Instaclustr supports only certain services and add-ons; see here for more details regarding compatibility and compliance.
Provisioning a PCI compliant cluster
For information regarding provisioning a PCI compliant cluster, please refer to the following articles:
- Provisioning a PCI compliant Cassandra cluster via the console
- Provisioning a PCI compliant Kafka cluster via the console
- Provisioning a PCI compliant cluster via the API
Transitioning an existing cluster to a PCI compliant cluster
If you are looking to transition an existing cluster to a PCI compliant cluster, please contact our support team at email@example.com.