| 💼 8.2.1 All users are assigned a unique ID before access to system components or cardholder data is allowed. | | | 2 | | no data |
| 💼 8.2.2 Group, shared, or generic accounts, or other shared authentication credentials are only used when necessary on an exception basis. | | 2 | 2 | | no data |
| 💼 8.2.3 Service providers with remote access to customer premises use unique authentication factors for each customer premises. | | | | | no data |
| 💼 8.2.4 Addition, deletion, and modification of user IDs, authentication factors, and other identifier objects are managed. | | | 1 | | no data |
| 💼 8.2.5 Access for terminated users is immediately revoked. | | | | | no data |
| 💼 8.2.6 Inactive user accounts are removed or disabled within 90 days of inactivity. | | | 1 | | no data |
| 💼 8.2.7 Accounts used by third parties to access, support, or maintain system components via remote access are managed. | | | | | no data |
| 💼 8.2.8 If a user session has been idle for more than 15 minutes, the user is required to re-authenticate to re-activate the terminal or session. | | | | | no data |