Category: PCI DSS Requirement 8
Identify and authenticate access to system components.
PCI DSS Requirement 8 relates to access control. Within a role-based access control (RBAC) system, it is crucial that every individual is uniquely accountable for their actions. This is accomplished by assigning a unique identifier (ID) to each person. Shared usernames and passwords must be eradicated from environments so that unique accountability is maintained. These measures ensure that all actions within an environment, on systems involved in storing, processing or transmitting sensitive data, can be audited and traced back to unique users, holding them directly accountable for access to sensitive cardholder data.
This RBAC system extends to the unique, individually assigned username as well as the associated password and its security configuration. The latter includes strength, complexity, frequency of change, and secure storage and transmission, to name but a few. These controls over unique identification and authentication to environments and systems work collectively to secure the cardholder data environment and the sensitive cardholder data it contains.
RSA SecurID provides world-leading two-factor authentication, protecting 25,000 organizations and 55 million users. RSA SecurID extends security to bring your…
- RSA World Headquarters, 174 Middlesex Turnpike, Bedford, MA 01730, USA
We help organizations transform and simplify how they manage payment security, regulatory compliance and consumer data protection.
- 101 Federal Street, Suite 1900, Boston, MA 02110