| 💼 8.1.1 Assign all users a unique ID before allowing them to access system components or cardholder data. | | 2 | 2 | | no data |
| 💼 8.1.2 Control addition, deletion, and modification of user IDs, credentials, and other identifier objects. | | 1 | 1 | | no data |
| 💼 8.1.3 Immediately revoke access for any terminated users. | | | | | no data |
| 💼 8.1.4 Remove/disable inactive user accounts within 90 days. | | | 1 | | no data |
| 💼 8.1.5 Manage IDs used by third parties to access, support, or maintain system components via remote access. | | | | | no data |
| 💼 8.1.6 Limit repeated access attempts by locking out the user ID after not more than six attempts. | | | | | no data |
| 💼 8.1.7 Set the lockout duration to a minimum of 30 minutes or until an administrator enables the user ID. | | | | | no data |
| 💼 8.1.8 If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session. | | | | | no data |