[READ-ONLY] Archives

Topic	Views	Activity
[PCI DSS 3.0] 8.7 All access to any database containing cardholder data (including access by applications, adminis Implement Strong Access Control Measures (Requirem requirement-8:-ident	5264	September 23, 2014
[PCI DSS 3.0] 8.6 Where other authentication mechanisms are used Implement Strong Access Control Measures (Requirem requirement-8:-ident	2548	September 23, 2014
[PCI DSS 3.0] 8.5.1 Additional requirement for service providers: Service providers with remote access to customer Implement Strong Access Control Measures (Requirem requirement-8:-ident	2230	September 23, 2014
[PCI DSS 3.0] 8.5 Do not use group, shared, or generic IDs, passwords, or other authentication methods as follows: Implement Strong Access Control Measures (Requirem requirement-8:-ident	2978	September 23, 2014
[PCI DSS 3.0] 8.4 Document and communicate authentication procedures and policies to all users including: Implement Strong Access Control Measures (Requirem requirement-8:-ident	2357	September 23, 2014
[PCI DSS 3.0] 8.3 Incorporate two-factor authentication for remote network access originating from outside the net Implement Strong Access Control Measures (Requirem requirement-8:-ident	1801	September 23, 2014
[PCI DSS 3.0] 8.2.6 Set passwords/phrases for first- time use and upon reset to a unique value for each user, and Implement Strong Access Control Measures (Requirem requirement-8:-ident	2413	September 23, 2014
[PCI DSS 3.0] 8.2.5 Do not allow an individual to submit a new password/phrase that is the same as any of the last Implement Strong Access Control Measures (Requirem requirement-8:-ident	2800	September 23, 2014
[PCI DSS 3.0] 8.2.4 Change user passwords/passphrases at least every 90 days. Implement Strong Access Control Measures (Requirem requirement-8:-ident	2783	September 23, 2014
[PCI DSS 3.0] 8.2.3 Passwords/phrases must meet the following: Implement Strong Access Control Measures (Requirem requirement-8:-ident	2558	September 23, 2014
[PCI DSS 3.0] 8.2.2 Verify user identity before modifying any authentication credential—for example, performing pa Implement Strong Access Control Measures (Requirem requirement-8:-ident	2512	September 23, 2014
[PCI DSS 3.0] 8.2.1 Using strong cryptography, render all authentication credentials (such as passwords/phrases) u Implement Strong Access Control Measures (Requirem requirement-8:-ident	4091	September 23, 2014
[PCI DSS 3.0] 8.2 In addition to assigning a unique ID, ensure proper user-authentication management for non-consu Implement Strong Access Control Measures (Requirem requirement-8:-ident	1646	September 23, 2014
[PCI DSS 3.0] 8.1.8 If a session has been idle for more than 15 minutes, require the user to re-authenticate to re Implement Strong Access Control Measures (Requirem requirement-8:-ident	3627	September 23, 2014
[PCI DSS 3.0] 8.1.7 Set the lockout duration to a minimum of 30 minutes or until an administrator enables the user Implement Strong Access Control Measures (Requirem requirement-8:-ident	2562	September 23, 2014
[PCI DSS 3.0] 8.1.6 Limit repeated access attempts by locking out the user ID after not more than six attempts. Implement Strong Access Control Measures (Requirem requirement-8:-ident	3303	September 23, 2014
[PCI DSS 3.0] 8.1.5 Manage IDs used by vendors to access, support, or maintain system components via remote access Implement Strong Access Control Measures (Requirem requirement-8:-ident	2830	September 23, 2014
[PCI DSS 3.0] 8.1.4 Remove/disable inactive user accounts at least every 90 days. Implement Strong Access Control Measures (Requirem requirement-8:-ident	4195	September 23, 2014
[PCI DSS 3.0] 8.1.3 Immediately revoke access for any terminated users. Implement Strong Access Control Measures (Requirem requirement-8:-ident	2872	September 23, 2014
[PCI DSS 3.0] 8.1.2 Control addition, deletion, and modification of user IDs, credentials, and other identifier ob Implement Strong Access Control Measures (Requirem requirement-8:-ident	5304	September 23, 2014
[PCI DSS 3.0] 8.1.1 Assign all users a unique ID before allowing them to access system components or cardholder da Implement Strong Access Control Measures (Requirem requirement-8:-ident	2432	September 23, 2014
[PCI DSS 3.0] 8.1 Define and implement policies and procedures to ensure proper user identification management for Implement Strong Access Control Measures (Requirem requirement-8:-ident	1659	September 23, 2014
[PCI DSS 3.0] 7.3 Ensure that security policies and operational procedures for restricting access to cardholder da Implement Strong Access Control Measures (Requirem requirement-7:-restr	12589	September 23, 2014
[PCI DSS 3.0] 7.2.3 Default “deny-all” setting. Implement Strong Access Control Measures (Requirem requirement-7:-restr	13714	September 23, 2014
[PCI DSS 3.0] 7.2.2 Assignment of privileges to individuals based on job classification and function. Implement Strong Access Control Measures (Requirem requirement-7:-restr	12080	September 23, 2014
[PCI DSS 3.0] 7.2.1 Coverage of all system components Implement Strong Access Control Measures (Requirem requirement-7:-restr	12962	September 23, 2014
[PCI DSS 3.0] 7.2 Establish an access control system for systems components that restricts access based on a user’ Implement Strong Access Control Measures (Requirem requirement-7:-restr	11937	September 23, 2014
[PCI DSS 3.0] 7.1.4 Require documented approval by authorized parties specifying required privileges. Implement Strong Access Control Measures (Requirem requirement-7:-restr	13001	September 23, 2014
[PCI DSS 3.0] 7.1.3 Assign access based on individual personnel’s job classification and function. Implement Strong Access Control Measures (Requirem requirement-7:-restr	12499	September 23, 2014
[PCI DSS 3.0] 7.1.2 Restrict access to privileged user IDs to least privileges necessary to perform job responsibi Implement Strong Access Control Measures (Requirem requirement-7:-restr	12585	September 23, 2014