8 – Assign a Unique ID to Each User

In the Reports Portal, select Repository > Standard Content > PCI > Reports or Dashboards > Requirement 8: Unique User ID.

PCI Requirement 8 covers identification and authentication for all access to system components in the cardholder data environment (CDE). Your enterprise must maintain and monitor changes to user accounts and password policies to prevent malicious users from gaining access to the CDE through weak passwords or by changing password policies. This requirement applies to all accounts with administrative features, including point-of-sale accounts; accounts used by vendors and third parties; and any account used to view or access cardholder data or to access systems with cardholder data. This requirement does not apply to end-user accounts used by consumers.

To assess your enterprise's compliance with this requirement, use the following dashboards and reports:

Dashboards:

  Password Policy Changes Overview
  Windows Account Lockout

Reports:

  Clear Text Password Transmission
  Password Policy Changes
  Password Policy Minimum Age Changed
  Successful Password Changes
  Terminated User Activity
  Terminated Users
  Windows Account Lockouts by System
  Windows Account Lockouts by User

Clear Text Password Transmission

Reports events by IP address where passwords were transmitted in clear text. The table provides results by the target host name and IP address, the port used, the number of events, and when the clear text password was detected.

Password Policy Changes Overview

Provides, in charts and a table, an overview of policy changes on CDE assets. You can view a trend of changes made over time, changes to target user accounts, changes to target IP addresses, and changes by type.

Password Policy Changes

Reports changes to the password policy over time in the CDE. The table provides results by the target IP address, the user who made the change, the change made, the number of events, and when the change occurred.

Password Policy Minimum Age Changed

Reports changes to the policy for the minimum password age over time in the CDE. The table provides results by the target IP address, the user who made the change, the change made, the number of events, and when the change occurred.

Successful Password Changes

Reports successful password changes over time in the CDE. The table provides results by the target IP address and host name, the affected user account, the number of events, and when the most recent event occurred.

Terminated User Activity

Reports user accounts that have been terminated but show successful authentication events after termination. The table provides results by the terminated account and when successful authentication occurred.

Terminated Users

Reports all user accounts terminated in the CDE by termination date. The table provides results by the terminated account and when the account was terminated.
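The correlation behind the Terminated Users and Terminated User Activity reports, shown as an added Python example (not the product's own query or code). The record layout, field names, account names, and hosts are constructed for illustration; the example also covers case-insensitive account matching and timestamps with differing UTC offsets.

```python
from datetime import datetime

# Constructed sample records; field names are assumptions, not a product schema.
TERMINATIONS = [
    {"account": "CORP\\jdoe", "terminated_at": "2024-03-01T17:00:00Z"},
    {"account": "CORP\\asmith", "terminated_at": "2024-03-05T12:00:00Z"},
]
AUTH_EVENTS = [
    {"time": "2024-03-01T09:00:00Z", "account": "CORP\\jdoe", "outcome": "success", "host": "pos-01"},
    # 17:30 at UTC+1 is 16:30 UTC, which is still before the termination time
    {"time": "2024-03-01T17:30:00+01:00", "account": "corp\\JDoe", "outcome": "success", "host": "pos-01"},
    {"time": "2024-03-02T08:15:00Z", "account": "corp\\JDOE", "outcome": "success", "host": "db-02"},
    {"time": "2024-03-06T10:00:00Z", "account": "CORP\\asmith", "outcome": "failure", "host": "db-02"},
    {"time": "2024-03-06T10:05:00Z", "account": "CORP\\bnguyen", "outcome": "success", "host": "db-02"},
    {"time": "2024-03-07T23:00:00Z", "account": "CORP\\asmith", "outcome": "success", "host": "app-03"},
]

def parse_ts(value):
    """Parse an ISO 8601 timestamp into a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def normalize(account):
    """Windows account names compare case-insensitively."""
    return account.strip().lower()

def terminated_user_activity(terminations, auth_events):
    """Return (account, event time, host) for successful logons after termination."""
    cutoff = {}
    for rec in terminations:
        key, ts = normalize(rec["account"]), parse_ts(rec["terminated_at"])
        # Keep the earliest termination if an account is listed more than once.
        cutoff[key] = min(ts, cutoff.get(key, ts))
    rows = []
    for ev in auth_events:
        key = normalize(ev["account"])
        if ev["outcome"] != "success" or key not in cutoff:
            continue
        if parse_ts(ev["time"]) > cutoff[key]:
            rows.append((key, ev["time"], ev["host"]))
    return sorted(rows, key=lambda r: (r[0], parse_ts(r[1])))

if __name__ == "__main__":
    for account, when, host in terminated_user_activity(TERMINATIONS, AUTH_EVENTS):
        print(f"{account:<14} {when:<26} {host}")
```

Comparing parsed, timezone-aware timestamps rather than raw strings is what keeps the 17:30+01:00 logon out of the results.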

Windows Account Lockout

Provides, in charts and a table, an overview of Windows accounts that have been locked out. You can view a trend of events over time, events by target IP address, and events by the accounts locked out.

Windows Account Lockouts by System

Reports, by host system, all Windows accounts that have been locked out. The table provides results by the target host name, IP address, domain, and user; the number of lockouts; and when the most recent event occurred.

Windows Account Lockouts by User

Reports, by user and domain, all Windows accounts that have been locked out. The table provides results by the target domain and user, the number of lockouts, and when the most recent event occurred.