PCI Requirement 8.1.8 – Require Re-Authentication After 15 Minutes of Inactivity
PCI Requirement 8.1 – Define and Implement Policies and Procedures to Ensure Proper User Management
PCI Requirement 8: Identify and Authenticate Access to System Components
PCI Requirement 8.1.2 – Control Addition, Deletion, and Modification of User IDs, Credentials
PCI Requirement 8.1.3 – Immediately Revoke Access for Terminated Users
PCI Requirement 8.1.7 – Set Lockout Duration to a Minimum of 30 Minutes
PCI Requirement 8.4 – Document and Communicate Authentication Policies and Procedures to All Users
PCI Requirement 8.1.5 – Manage IDs Used by 3rd Parties to Access, Support, or Maintain System Components
PCI Requirement 8.1.6 – Limit Repeated Access Attempts by Locking Out User ID After Six Attempts
PCI Requirement 12.3.8 – Automatic Disconnect of Sessions for Remote-Access Technologies
PCI Requirement 8.3 – Secure All Individual Non-Console Administrative Access
PCI Requirement 10.5.2 – Protect Audit Trail Files from Unauthorized Modifications
PCI Requirement 7.1.4 – Require Documented Approval by Authorized Parties
PCI Requirement 9.7.1 – Properly Maintain Inventory Logs of All Media
PCI Requirement 10.5.3 – Promptly Back Up Audit Trail Files to a Centralized Log Server
PCI Requirement 10.3.1 – User Identification
PCI Requirement 12.3.10 – Prohibit the Moving of Cardholder Data onto Local Hard Drives
PCI Requirement 10.5.1 – Limit Viewing of Audit Trails to Those with a Job-Related Need
PCI Readiness Series: Penetration Testing
PCI Requirement 11.2.1 – Perform Quarterly Internal Vulnerability Scans