8.3.1—All user access to system components for users and administrators is authenticated via at least one of the following authentication factors: Something you know, such as a password or passphrase.
>Requirement Description
All user access to system components for users and administrators is authenticated via at least one of the following authentication factors: Something you know, such as a password or passphrase. Something you have, such as a token device or smart card. Something you are, such as a biometric element. Applicability Notes This requirement is not intended to apply to user accounts on point-of-sale terminals that have access to only one card number at a time to facilitate a single transaction. This requirement does not supersede multi-factor authentication (MFA) requirements but applies to those in-scope systems not otherwise subject to MFA requirements. A digital certificate is a valid option for “something you have” if it is unique for a particular user.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.