1. Home
2. Listings
3. PCI DSS Requirement 8

Category: PCI DSS Requirement 8

Identify and authenticate access to system components.
PCI DSS Requirement 8 relates to access control. Within a role-based access control (RBAC) system, it is crucially important that every person or individual is uniquely accountable for any and all of their respective actions. This is accomplished by ensuring the assignment of a unique identifier (ID) to each person and individual. Shared usernames and passwords must be eradicated from environments to ensure unique accountability is maintained. These measures ensure that all actions within an environment, on systems surrounding storage, processing or transmitting sensitive data can be audited and traced back to unique users thus holding them directly accountable for access to sensitive cardholder data.
This RBAC system extends to the unique and individually assigned username as well as the associated password and associated security configurations thereof. The latter includes strength, complexity, frequency of change, secure storage and transmission thereof to name but a few. These controls surrounding unique identification and authentication to environments and systems all work collectively to secure the cardholder data environment and the sensitive cardholder data contained therein.