Sub-Requirement 8.6
8.6 Where other authentication mechanisms are used (for example, physical or logical security tokens, smart cards, certificates, etc.), use of these mechanisms must be assigned as follows (Type - Evolving Requirement):
- Authentication mechanisms must be assigned to an individual account and not shared among multiple accounts.
- Physical and/or logical controls must be in place to ensure only the intended account can use that mechanism to gain access.
- New Requirement: v3.0 November 2013
Copyright © Cloud Software Group, Inc. All rights reserved.