Learn more at [ Ссылка ]
If your organization uses something you have as an authentication mechanism, like a type of physical device such as a token, smart card or certificate, we need to make sure that the authentication device can only be assigned to and used by one individual. If authentication mechanisms can be used by multiple accounts, it may be impossible to identify the individual using the authentication mechanism. PCI Requirement 8.6 requires that authentication mechanisms must not be shared among multiple accounts and physical and/or logical controls must be in place to ensure only the intended account can use that mechanism to gain access. The PCI DSS states, “Having physical and/or logical controls (for example, a PIN, biometric data, or a password) to uniquely identify the user of the account will prevent unauthorized users from gaining access through use of a shared authentication mechanism.”
During an assessment, an assessor will examine your authentication mechanisms and policies and procedures to ensure that you do not share authentication mechanisms among multiple accounts and appropriate physical and/or logical controls are in place.
Stay Connected
Twitter: [ Ссылка ]
LinkedIn: [ Ссылка ]
Facebook: [ Ссылка ]
More Free Resources
Blog: [ Ссылка ]
Webinars: [ Ссылка ]
Videos: [ Ссылка ]
White Papers: [ Ссылка ]
About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, ISO 27001, FISMA, and CFPB frameworks.
For more about KirkpatrickPrice: [ Ссылка ]
Contact us today: 800-770-2701 [ Ссылка ]
