Skip to main content

💼 8.3.10 If passwords/passphrases are used as the only authentication factor for customer user access to cardholder data, then guidance is provided to customer users.

Description

Additional requirement for service providers only.

Including:

  • Guidance for customers to change their user passwords/passphrases periodically.
  • Guidance as to when, and under what circumstances, passwords/passphrases are to be changed.

Similar

  • Sections
    • /frameworks/pci-dss-v3.2.1/08/02/04
    • /frameworks/pci-dss-v4.0.1/08/03/10
  • Internal
    • ID: dec-c-0cda3633

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 PCI DSS v3.2.1 → 💼 8.2.4 Change user passwords/passphrases at least once every 90 days.2
💼 PCI DSS v4.0.1 → 💼 8.3.10 If passwords/passphrases are used as the only authentication factor for customer user access to cardholder data, then guidance is provided to customer users.13

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 PCI DSS v3.2.1 → 💼 8.2.4 Change user passwords/passphrases at least once every 90 days.2
💼 PCI DSS v4.0.1 → 💼 8.3.10 If passwords/passphrases are used as the only authentication factor for customer user access to cardholder data, then guidance is provided to customer users.13

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags
💼 8.3.10.1 If passwords/passphrases are used as the only authentication factor for customer user access then either passwords/passphrases are changed at least once every 90 days, or the security posture of accounts is dynamically analyzed.1

Policies (2)

PolicyLogic CountFlags
📝 AWS Account IAM Password Policy Number of passwords to remember is not set to 24 🟢1🟢 x6
📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢1🟢 x6

Internal Rules

RulePoliciesFlags
✉️ dec-x-f7c2faac1