PCI Requirement 8.6 – Authentication Mechanisms Must Not Be Shared Among Multiple Accounts
PCI v4.0 - 8.6.3: Passwords and Passphrases Are Protected from Misuse
PCI v4.0 - 8.6.1: Interactive Logins Are Managed Properly
PCI v4.0 - 8.6.2: Passwords and Passphrases For System Accounts Are Not Hardcoded
PCI Requirement 6.2 – Ensure all Systems and Software are Protected from Known Vulnerabilities
PCI Requirement 8.8 – Ensure Policies & Procedures for Authentication are Documented
PCI Requirement 8.1.6 – Limit Repeated Access Attempts by Locking Out User ID After Six Attempts
PCI Requirement 8.5 – Do Not Use Group, Shared, or Generic IDs, or Passwords
PCI Requirement 10.8 –Implement a Process for the Detection of Failures of Critical Control Systems
PCI Requirement 10.8.1 –Respond to Failures of Any Critical Security Controls in a Timely Manner
PCI Requirement 7.2.1 – Coverage of all System Components
PCI Requirement 12.7 – Screen Personnel Prior to Hire to Minimize the Risk of Attacks
PCI Requirement 8.1.2 – Control Addition, Deletion, and Modification of User IDs, Credentials
PCI Requirement 8.5.1 – Remote Access to Customer Premises Must Use Unique Authentication
PCI Monthly Update: December News, Deep Dive into Requirement 8, and QSA Q&A
PCI Requirement 8.1 – Define and Implement Policies and Procedures to Ensure Proper User Management
PCI Requirement 11.3 – Implement a Methodology for Penetration Testing
PCI Requirement 6.5.9 – Cross-Site Request Forgery
PCI Requirement 9.7 – Maintain Strict Control Over the Storage and Accessibility of Media
PCI Requirement 10.2.5 – Use of and Changes to Identification Accounts with Root Privileges