PCI DSS compliance

8.5 Groups, shared and functional accounts

8.5 Generic and shared accounts

To ensure accountability, the usage of generic and shared accounts should be reduced to a minimum. Or even better, used at all. This PCI DSS control describes the requirements to disable generic accounts. For shared accounts, they should only be used for non-critical activities. When it comes to system administrator or any other high level activity, it should only be possible with an authorized and individual account.