!!! Overview
[{$pagename}] is a part of the [Payment Card Industry Security Standards Council] ([PCI DSS]) standards and is probably most appropriate to [{$applicationname}] visitors.

Assigning a [unique identification|Unique Identifier] (ID) to each [person] with [access] ensures that actions taken on [critical data|Sensitive Data] and systems are performed by, and can be traced to, known and [authorized] users. Requirements apply to all accounts, including point of sale accounts, with administrative capabilities and all accounts with access to stored [Cardholder Data]. \\
Requirements __do not apply__ to accounts used by consumers (e.g., [cardholders]).

! 8.1 
Define and implement policies and procedures to ensure proper user identification management for users and administrators on all system components. Assign all users a [unique user name|Unique Identifier] before allowing them to access system components or [Cardholder Data].

! 8.2 
Employ at least one of these to authenticate all users: 
* [Something You Know], such as a [password] or [passphrase]; 
* [Something You Have], such as a [token] device or smart card; 
* Something you are, such as a [biometric].
Use __strong__ [Authentication Methods] and render all [passwords]/[passphrases] unreadable during [transmission|Data In Transit] and [storage|Data At Rest] using strong [cryptography].

! 8.3 
Secure all individual non-console [administrative|Privileged Identity] access and all remote access to the [Cardholder Data Environment] using [Multi-Factor Authentication]. This requires that at least two of the three [Authentication Methods] described in 8.2 be used for [authentication]. Using one factor twice (e.g., using two separate [passwords]) is __NOT__ considered multi-factor authentication. This requirement applies to [administrative|Privileged Identity] personnel with non-console [access] to the [Cardholder Data Environment] from within the entity’s [network], and to all remote network access (including for users, [administrators|Privileged Identity], and third parties) originating from outside the entity’s network. (Note: The requirement for [Multi-Factor Authentication] for non-console [administrative|Privileged Identity] access from within the entity’s network is a [best practice|Best Practices] until 31 January [2018|Year 2018], after which it becomes a requirement.)

! 8.4 
Develop, implement, and communicate [authentication] [policies|Policy] and procedures to all users.

! 8.5 
Do __NOT__ use group, shared, or generic IDs, or other [Authentication Methods]. [Service Providers] with access to [customer] environments must use a __unique__ [authentication] [credential] (such as a [password]/[passphrase]) for each [customer] environment.

! 8.6 
Other [authentication mechanisms|Authentication Methods], such as physical [security tokens|Security Token], [Smart Cards], and [certificates], [MUST] be assigned to an individual [account|Digital Identity].

! 8.7 
All access to any database containing cardholder data must be restricted: all user access must be through programmatic methods; only database administrators can have direct or query access; and application IDs for database applications can only be used by the applications (and not by users or non-application processes).

! 8.8 
Ensure that related security policies and operational procedures are documented, in use, and known to all affected parties.

