PCI DSS 3.2 Req 8.3.1 - Views on Multi-Factor Authentication


Senior Manager

If you're classified as a service provider or merchant, you're required to implement multi-factor authentication for any non-console administrative access into your cardholder data environment. There are multiple ways this can be accomplished, and you should consult with your QSA about the most appropriate way for you and your company to make it happen.


PCI DSS 3.2: Req. 8.3.1


Freed Maxick 8.3.1 Guidance   

Multi-factor authentication is a means of confirming a user’s claimed identity through knowledge (something they and only they know) as well as possession (something they and only they have). MFA creates a defense mechanism that makes it more difficult for hackers or unauthorized users to access system resources.


PCI DSS Resources 

To receive more insights and guidance on 8.3.1 compliance and other PCI DSS requirements, read our blog post and get a downloadable overview of all recent updates and revisions.

Freed Maxick services for PCI DSS Compliance can be found here. If you wish for a more detailed discussion of your organization’s situation and needs, contact us or call me at 716.847.2651.
