💼 8.3.10 If passwords/passphrases are used as the only authentication factor for customer user access to cardholder data, then guidance is provided to customer users.
-
Contextual name: 💼 8.3.10 If passwords/passphrases are used as the only authentication factor for customer user access to cardholder data, then guidance is provided to customer users.
-
ID:
/frameworks/pci-dss-v4.0.1/08/03/10 -
Located in: 💼 8.3 Strong authentication for users and administrators is established and managed.
Description
Additional requirement for service providers only.
Including:
- Guidance for customers to change their user passwords/passphrases periodically.
- Guidance as to when, and under what circumstances, passwords/passphrases are to be changed.
Similar
- Sections
/frameworks/pci-dss-v4.0/08/03/10
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 PCI DSS v4.0 → 💼 8.3.10 If passwords/passphrases are used as the only authentication factor for customer user access to cardholder data, then guidance is provided to customer users. | 1 | 1 | 3 |
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 PCI DSS v4.0 → 💼 8.3.10 If passwords/passphrases are used as the only authentication factor for customer user access to cardholder data, then guidance is provided to customer users. | 1 | 1 | 3 |
Sub Sections
Policies (2)
| Policy | Logic Count | Flags |
|---|---|---|
| 📝 AWS Account IAM Password Policy Number of passwords to remember is not set to 24 🟢 | 1 | 🟢 x6 |
| 📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢 | 1 | 🟢 x6 |