
8.5.1 MFA systems are implemented as follows: The MFA system is not susceptible to replay attacks.

Requirement Description

MFA systems are implemented as follows:

- The MFA system is not susceptible to replay attacks.
- MFA systems cannot be bypassed by any users, including administrative users unless specifically documented, and authorized by management on an exception basis, for a limited time period.
- At least two different types of authentication factors are used.
- Success of all authentication factors is required before access is granted.

Applicability Notes

This requirement is a best practice until 31 March 2025, after which it will be required and must be fully considered during a PCI DSS assessment.
