Which statement reflects requirement 8.3 about IDs?

• A. Shared IDs allowed for admin tasks when logging.
• B. Generic user IDs are disabled or removed; Shared IDs do not exist for system administration; Shared and generic IDs are not used to administer any system components.
• C. Generic IDs should be used to simplify administration.
• D. Default credentials are required for admins.

Answer: (B)

Requirement 8.3 is about ensuring that access to system components is tied to unique, individual identities and that no shared or generic accounts are used for administration. This creates clear accountability and traceability for every action taken on critical systems, which is essential for detecting and auditing administrator activities. The statement that best fits this idea says that generic IDs are disabled or removed, and that shared IDs do not exist for system administration, nor are shared or generic IDs used to administer any system components. That captures the core goal: eliminate shared or generic admin access to preserve a direct link between actions and the person who performed them. Using shared or generic IDs would undermine responsibility and auditing, and requiring default credentials would introduce a serious security risk.