PCI Requirement 8.1.6 – Limit Repeated Access Attempts by Locking Out User ID After Six Attempts
PCI Requirement 8.1 – Define and Implement Policies and Procedures to Ensure Proper User Management
PCI Requirement 8.2.6 – Set Passwords for First-Time Use and Upon Reset to a Unique Value
PCI Requirement 6.1 – Establish a Process to Identify Security Vulnerabilities
PCI Requirement 8: Identify and Authenticate Access to System Components
PCI Requirement 8.1.2 – Control Addition, Deletion, and Modification of User IDs, Credentials
PCI Requirement 8.1.7 – Set Lockout Duration to a Minimum of 30 Minutes
PCI Requirement 8.1.8 – Require Re-Authentication After 15 Minutes of Inactivity
PCI Requirement 8.1.3 – Immediately Revoke Access for Terminated Users
PCI Requirement 8.1.5 – Manage IDs Used by 3rd Parties to Access, Support, or Maintain System Comps
PCI Requirement 8.4 – Document and Communicate Authentication Policies and Procedures to All Users
PCI Requirement 8.1.4 – Remove/Disable Inactive User Accounts Within 90 Days
PCI Requirement 8.5.1 – Remote Access to Customer Premises Must Use Unique Authentication
PCI Requirement 8.8 – Ensure Policies & Procedures for Authentication are Documented
PCI Requirement 8.2 – Ensure Proper User-Authentication Management by Something You Know
PCI Requirement 8.2.1 – Use Strong Cryptography to Render All Authentication Credentials Unreadable
PCI Requirement 7.1 – Limit Access to System Components and Cardholder Data
PCI Requirement 2.3 - Encryption
Information Technology Fundamentals - Using Access Controls (22)
PCI Requirement 10.4.1 – Critical Systems Have the Correct and Consistent Time
