PCI Requirement 8.8 – Ensure Policies & Procedures for Authentication are Documented
PCI Readiness Series: Requirement 8
PCI Requirement 8.4 – Document and Communicate Authentication Policies and Procedures to All Users
PCI Requirement 8.6 – Authentication Mechanisms Must Not Be Shared Among Multiple Accounts
PCI Requirement 8.1.7 – Set Lockout Duration to a Minimum of 30 Minutes
PCI Requirement 8.3 – Secure All Individual Non-Console Administrative Access
PCI Requirement 11 – Regularly Test Security Systems & Processes
PCI Requirement 8.2 – Ensure Proper User-Authentication Management by Something You Know
PCI Requirement 8.2.2 – Verify User Identity Before Modifying Any Authentication Credential
PCI Requirement 8.3.2 – Incorporate Multi-Factor Authentication for all Remote Network Access
PCI Requirement 8.1.6 – Limit Repeated Access Attempts by Locking Out User ID After Six Attempts
PCI Requirement 11.2.3 – Perform Internal and External Scans and Rescans as Needed
PCI Requirement 9.7 – Maintain Strict Control Over the Storage and Accessibility of Media
PCI Requirement 10.2.7 – Creation and Deletion of System-Level Objects
PCI Readiness Series: Penetration Testing
PCI Requirement 10.5.2 – Protect Audit Trail Files from Unauthorized Modifications
PCI Requirement 10.5.3 – Promptly Back Up Audit Trail Files to a Centralized Log Server
PCI Requirement 10.5.4 – Write Logs for External-Facing Technologies onto a Secure Device
PCI Requirement 9.4.1 – Visitors are Authorized Before Entering, and Escorted at all Times
PCI Requirement 8.1.5 – Manage IDs Used by 3rd Parties to Access, Support, or Maintain System Comps