PCI requirement 8.3.1 states that organizations mu
Post# of 82686
(Total Views: 315)
Posted On: 01/31/2018 9:59:39 PM
PCI requirement 8.3.1 states that organizations must incorporate multi-factor authentication for all non-console access into the cardholder data environment (CDE) for personnel with administrative access by January of 2018.
MFA requirement:
MFA requires at least two of the three methods described in requirement 8.2:
•Something you know, Something you have, Something you are.
•Authentication methods should be independent of one another (ie. one authenticator shouldn’t give you access to the second authenticator).
•Authenticators should be conveyed through different network channels (i.e. OUT-OF-BAND authentication)
•All factors in MFA are verified prior the authentication mechanism granting access or providing knowledge of the success or failure of any one authenticator.
MFA requirement:
MFA requires at least two of the three methods described in requirement 8.2:
•Something you know, Something you have, Something you are.
•Authentication methods should be independent of one another (ie. one authenticator shouldn’t give you access to the second authenticator).
•Authenticators should be conveyed through different network channels (i.e. OUT-OF-BAND authentication)
•All factors in MFA are verified prior the authentication mechanism granting access or providing knowledge of the success or failure of any one authenticator.
(3)
(0)