PCI (Payment Card Industry Security Standard)
Identify and authenticate access to system components
8.3.2 Incorporate multi-factor authentication for all remote network access (both user and administrator and including third-party access for support or maintenance) originating from outside the entity’s network.
This requirement is intended to apply to all personnel, including general users, administrators, and vendors (for support or maintenance), with remote access to the network, where that remote access could lead to access to the cardholder data environment (CDE). If remote access is to an entity’s network that has appropriate segmentation, such that remote users cannot access or impact the cardholder data environment, multi-factor authentication for remote access to that network would not be required. However, multi-factor authentication is required for any remote access to networks with access to the cardholder data environment, and is recommended for all remote access to the entity’s networks.
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized, in-demand security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8