|
[PCI DSS 3.0] 8.8 Ensure that security policies and operational procedures for identification and authentication a
|
|
0
|
2168
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.7 All access to any database containing cardholder data (including access by applications, adminis
|
|
0
|
5182
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.6 Where other authentication mechanisms are used
|
|
0
|
2500
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.5.1 Additional requirement for service providers: Service providers with remote access to customer
|
|
0
|
2181
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.5 Do not use group, shared, or generic IDs, passwords, or other authentication methods as follows:
|
|
0
|
2897
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.4 Document and communicate authentication procedures and policies to all users including:
|
|
0
|
2308
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.3 Incorporate two-factor authentication for remote network access originating from outside the net
|
|
0
|
1759
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.2.6 Set passwords/phrases for first- time use and upon reset to a unique value for each user, and
|
|
0
|
2366
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.2.5 Do not allow an individual to submit a new password/phrase that is the same as any of the last
|
|
0
|
2745
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.2.4 Change user passwords/passphrases at least every 90 days.
|
|
0
|
2739
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.2.3 Passwords/phrases must meet the following:
|
|
0
|
2511
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.2.2 Verify user identity before modifying any authentication credential—for example, performing pa
|
|
0
|
2462
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.2.1 Using strong cryptography, render all authentication credentials (such as passwords/phrases) u
|
|
0
|
4026
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.2 In addition to assigning a unique ID, ensure proper user-authentication management for non-consu
|
|
0
|
1562
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.1.8 If a session has been idle for more than 15 minutes, require the user to re-authenticate to re
|
|
0
|
3575
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.1.7 Set the lockout duration to a minimum of 30 minutes or until an administrator enables the user
|
|
0
|
2507
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.1.6 Limit repeated access attempts by locking out the user ID after not more than six attempts.
|
|
0
|
3252
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.1.5 Manage IDs used by vendors to access, support, or maintain system components via remote access
|
|
0
|
2775
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.1.4 Remove/disable inactive user accounts at least every 90 days.
|
|
0
|
4141
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.1.3 Immediately revoke access for any terminated users.
|
|
0
|
2827
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.1.2 Control addition, deletion, and modification of user IDs, credentials, and other identifier ob
|
|
0
|
5259
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.1.1 Assign all users a unique ID before allowing them to access system components or cardholder da
|
|
0
|
2377
|
September 23, 2014
|
|
[PCI DSS 3.0] 8.1 Define and implement policies and procedures to ensure proper user identification management for
|
|
0
|
1609
|
September 23, 2014
|