Which requirement governs the control over the addition, deletion, and modification of user IDs, credentials, and other identifier objects?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the PCI Data Security Standard Test with our quiz. Use flashcards and multiple-choice questions to learn each concept. Get ready to excel in your examination!

Multiple Choice

Which requirement governs the control over the addition, deletion, and modification of user IDs, credentials, and other identifier objects?

Explanation:
Controlling the lifecycle of identifiers is what keeps access tied to real people and current roles. This means having a formal process to provision (create), modify, and deprovision (delete) user IDs, credentials, and other identifier objects. When these processes exist and are followed, new users get appropriate access from day one, changes in roles adjust permissions correctly, and former users’ access is removed promptly. This creates a clear, auditable trail of who has access and why, which is exactly what PCI DSS requires for identity management and access control. Other options cover related topics like how authentication is performed or how access is monitored, but they don’t address the essential lifecycle management of accounts itself—who gets an account, what rights they have, and how those rights are updated or revoked.

Controlling the lifecycle of identifiers is what keeps access tied to real people and current roles. This means having a formal process to provision (create), modify, and deprovision (delete) user IDs, credentials, and other identifier objects. When these processes exist and are followed, new users get appropriate access from day one, changes in roles adjust permissions correctly, and former users’ access is removed promptly. This creates a clear, auditable trail of who has access and why, which is exactly what PCI DSS requires for identity management and access control.

Other options cover related topics like how authentication is performed or how access is monitored, but they don’t address the essential lifecycle management of accounts itself—who gets an account, what rights they have, and how those rights are updated or revoked.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy