Category: PCI DSS Requirement 8
Identify and authenticate access to system components.
PCI DSS Requirement 8 relates to access control. Within a role-based access control (RBAC) system, it is crucial that every individual is uniquely accountable for all of their actions. This is accomplished by assigning a unique identifier (ID) to each individual. Shared usernames and passwords must be eradicated from environments so that unique accountability is maintained. These measures ensure that all actions within an environment, on systems involved in storing, processing or transmitting sensitive data, can be audited and traced back to unique users, holding those users directly accountable for access to sensitive cardholder data.
This RBAC system extends to the unique, individually assigned username as well as the associated password and its security configuration, including strength, complexity, frequency of change, and secure storage and transmission, to name but a few. These controls surrounding unique identification and authentication to environments and systems work collectively to secure the cardholder data environment and the sensitive cardholder data it contains.
RSA SecurID provides world-leading two-factor authentication, protecting 25,000 organizations and 55 million users. RSA SecurID extends security to bring your…
- RSA World Headquarters, 174 Middlesex Turnpike, Bedford, MA 01730, USA