PCI Requirement 8.1.2 – Control Addition, Deletion, and Modification of User IDs, Credentials
PCI v4.0 - 8.1.2: Have Requirement 8 Roles and Responsibilities In Place
PCI Requirement 8.1 – Define and Implement Policies and Procedures to Ensure Proper User Management
PCI Requirement 8.1.8 – Require Re-Authentication After 15 Minutes of Inactivity
PCI Requirement 8.1.3 – Immediately Revoke Access for Terminated Users
PCI Requirement 8.2.1 – Use Strong Cryptography to Render All Authentication Credentials Unreadable
PCI Requirement 8: Identify and Authenticate Access to System Components
PCI Requirement 2.1 - Always Change Vendor-Supplied Defaults
PCI Requirement 8.1.6 – Limit Repeated Access Attempts by Locking Out User ID After Six Attempts
PCI Requirement 8.2.6 – Set Passwords for First-Time Use and Upon Reset to a Unique Value
PCI Requirement 8.5.1 – Remote Access to Customer Premises Must Use Unique Authentication
PCI Requirement 8.6 – Authentication Mechanisms Must Not Be Shared Among Multiple Accounts
PCI Requirement 8.4 – Document and Communicate Authentication Policies and Procedures to All Users
PCI Requirement 8.2.2 – Verify User Identity Before Modifying Any Authentication Credential
PCI Requirement 8.2 – Ensure Proper User-Authentication Management by Something You Know
PCI Requirement 7.2.1 – Coverage of all System Components
PCI Requirement 8.8 – Ensure Policies & Procedures for Authentication are Documented
PCI Requirement 8.1.4 – Remove/Disable Inactive User Accounts Within 90 Days
PCI Requirement 9.1.2 – Implement Physical Controls to Restrict Access to Accessible Network Jacks
PCI Requirement 11.1 – Implement Processes to Test for the Presence of Wireless Access Points