Req 8: Identify Users and Authenticate Access to System Components

Assign unique IDs and use strong authentication.

Responsibility: Shared

Compliance Status: In Progress (75%)

Overview

Accountability is key to security. This requirement ensures that all access to system components can be traced back to an individual user by assigning unique IDs and implementing strong authentication measures, including multi-factor authentication (MFA).

Key Actions for Compliance

A non-exhaustive list of actions your organization should take to meet this requirement.
  • Assign a unique ID to each person with computer access to ensure accountability.
  • Implement multi-factor authentication for all access into the cardholder data environment.
  • Do not use shared, generic, or group IDs, passwords, or other authentication methods.
  • Enforce strong password policies for all users.

Testing Procedures (Simplified)

How auditors may verify that this requirement is met.
  • Examine user account lists to ensure that unique IDs are assigned to each user.
  • Verify that multi-factor authentication is required for all remote access to the network and for all non-console administrative access.
  • Review password policies to ensure they meet PCI DSS requirements for complexity, history, and rotation.