PCI Requirement 8.2.2 – Verify User Identity Before Modifying Any Authentication Credential
PCI v4.0 - 8.2.2: Group, Shared, or Generic Accounts Are Only Used When Necessary
PCI Requirement 8.2.1 – Use Strong Cryptography to Render All Authentication Credentials Unreadable
PCI Requirement 8.3.2 – Incorporate Multi-Factor Authentication for all Remote Network Access
PCI Requirement 8.1.2 – Control Addition, Deletion, and Modification of User IDs, Credentials
PCI Requirement 8.6 – Authentication Mechanisms Must Not Be Shared Among Multiple Accounts
PCI v4.0 - 11.3.1.2: Use Authenticated Vulnerability Scanning Tools for Internal Scans
PCI Requirement 2.2.5 - Remove all Unnecessary Functionality
PCI Requirement 8.8 – Ensure Policies & Procedures for Authentication are Documented
PCI Requirement 8.5.1 – Remote Access to Customer Premises Must Use Unique Authentication
PCI Requirement 10.2.2 – All Actions Taken by Any Individual with Root or Administrative Privileges
PCI Requirement 9.6.1 – Classify Media so the Sensitivity of the Data Can Be Determined
PCI Requirement 8.3 – Secure All Individual Non-Console Administrative Access
PCI Requirement 9.8 – Destroy Media When it is no Longer Needed
PCI Requirement 8.3.1 – Incorporate Multi-Factor Authentication for All Non-Console Access
PCI Requirement 2.2.4 - Configure System Security Parameters to Prevent Misuse
PCI Requirement 11.4 – Use Intrusion-Detection and/or Intrusion-Prevention Techniques
PCI Requirement 3.4.1 Logical Access Management
PCI Requirement 10.2.5 – Use of and Changes to Identification Accounts with Root Privileges
PCI Requirement 10.8 –Implement a Process for the Detection of Failures of Critical Control Systems
