💼 8.1 Define and implement policies and procedures to ensure proper user identification management for non-consumer users and administrators on all system components.

  • Contextual name: 💼 8.1 Define and implement policies and procedures to ensure proper user identification management for non-consumer users and administrators on all system components.
  • ID: /frameworks/pci-dss-v3.2.1/08/01
  • Located in: 💼 8 Identify and authenticate access to system components

Description

Empty...

Similar

  • Internal
    • ID: dec-c-2548a397

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 8.1.1 Assign all users a unique ID before allowing them to access system components or cardholder data. 22
💼 8.1.2 Control addition, deletion, and modification of user IDs, credentials, and other identifier objects. 11
💼 8.1.3 Immediately revoke access for any terminated users.
💼 8.1.4 Remove/disable inactive user accounts within 90 days. 1
💼 8.1.5 Manage IDs used by third parties to access, support, or maintain system components via remote access.
💼 8.1.6 Limit repeated access attempts by locking out the user ID after not more than six attempts.
💼 8.1.7 Set the lockout duration to a minimum of 30 minutes or until an administrator enables the user ID.
💼 8.1.8 If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session.