PCI Requirement 8.3.2 – Incorporate Multi-Factor Authentication for all Remote Network Access
PCI v4.0 - 8.3.2: Use Strong Cryptography on All Authentication Factors
PCI Requirement 8.3.1 – Incorporate Multi-Factor Authentication for All Non-Console Access
PCI DSS 3.2: Req. 8.3.1
PCI Requirement 8.8 – Ensure Policies & Procedures for Authentication are Documented
PCI Requirement 6 – Develop and Maintain Secure Systems and Applications
PCI Requirement 8.1.7 – Set Lockout Duration to a Minimum of 30 Minutes
PCI Requirement 11.4 – Use Intrusion-Detection and/or Intrusion-Prevention Techniques
PCI Requirement 8.5.1 – Remote Access to Customer Premises Must Use Unique Authentication
PCI Requirement 10.2.5 – Use of and Changes to Identification Accounts with Root Privileges
PCI Requirement 11.2.3 – Perform Internal and External Scans and Rescans as Needed
PCI Requirement 10.3.2 – Type of Event
PCI Requirement 8.2.5 – New Passwords Can’t Be the Same as Any of the Last Four Passwords Used
PCI Requirement 12.3.8 – Automatic Disconnect of Sessions for Remote-Access Technologies
PCI Requirement 10.1 – Implement Audit Trails to Link all Access to System Components
PCI Requirement 10.5.4 – Write Logs for External-Facing Technologies onto a Secure Device
PCI Requirement 10.4.2 – Time Data is Protected
PCI Requirement 10.5.1 – Limit Viewing of Audit Trails to Those with a Job-Related Need
PCI Requirement 8.1.5 – Manage IDs Used by 3rd Parties to Access, Support, or Maintain System Comps
PCI Requirement 10.2.7 – Creation and Deletion of System-Level Objects