Home > Storage > ObjectScale and ECS > Product Documentation > ECS PCI DSS Compliance > Requirement 8: Identify and authenticate access to system components
Requirement 8 ensures that every individual with access to a system has a specific identification and is authenticated through a secure process. The identification and authentication processes provide accountability for all actions within a system.
ECS Identity and Access Management (IAM) enables you to have fine-grained access to the ECS S3 resources securely. This functionality ensures that each access request to an ECS resource is identified, authenticated, and authorized. ECS IAM allows you to add users, roles, and groups. You can also grant and restrict the access by adding policies to the ECS IAM entities. For more information, refer to ECS 3.6.1 Security Configuration Guide.
Note: ECS IAM functionality is only supported for the S3 protocol. ECS IAM policies and settings have no impact when data is accessed through other protocols. ECS IAM entities coexist with legacy object and management users.
The other requirements in this section are enforced through policies, procedures, and processes external to the ECS cluster.