PCI Requirement 8.2 – Ensure Proper User-Authentication Management by Something You Know, Something You Have, or Something You Are
by Randy Bartels / December 21st, 2017
 Proper User-Authentication Management PCI Requirement 8.2 adds an additional layer of security to user IDs by requiring something you know, something you have,…
PCI Requirement 8.1.8 – Require Re-Authentication After 15 Minutes of Inactivity
by Randy Bartels / December 21st, 2017
Inactive Sessions I’m sure you’ve witnessed or heard about situations where someone gets up from their workstation, but their session doesn’t log out. Inevitably,…
PCI Requirement 8.1.7 – Set Lockout Duration to a Minimum of 30 Minutes
by Randy Bartels / December 21st, 2017
 Account Lockout Duration Once a user account is locked out after six log-in attempts, that account must remain locked. PCI Requirement 8.1.7 states,…
PCI Requirement 8.1.6 – Limit Repeated Access Attempts by Locking Out User ID After No More Than Six Attempts
by Randy Bartels / December 21st, 2017
Appropriate Account Lockout Mechanisms PCI Requirement 8.1.6 states, “Limit repeated access attempts by locking out the user ID after no more than six attempts.”…
PCI Requirement 8.1.5 – Manage IDs Used by Third Parties to Access, Support, or Maintain System Components via Remote Access
by Randy Bartels / December 21st, 2017
Managing Third-Party Access PCI Requirement 8.1.5 focuses on managing third-party access to your system. In situations where you’ve given user IDs to third parties…