PCI Requirement 9.5 – Physically Secure all Media

by Randy Bartels / December 20, 2022

The Physical Security of Media

At your organization, are receipts ever left on someone's desk? Are reports left in the printer and forgotten about? Are computers constantly logged in? If your organization has paper or electronic media containing cardholder data, you must protect and physically secure all media. PCI Requirement 9.5 is intended to prevent unauthorized individuals from accessing cardholder data through media. PCI Requirement 9.5 states, “Physically secure…

PCI Requirement 9.4.4 – A Visitor Log is Used to Maintain a Physical Audit Trail of Visitor Activity to the Facility, Computer Rooms, and Rooms Where CHD is Stored

by Randy Bartels / December 20, 2022

Maintain a Visitor Log

In order to record which visitors have entered your sensitive areas, PCI Requirement 9.4.4 requires, “A visitor log is used to maintain a physical audit trail of visitor activity to the facility as well as computer rooms and data centers where cardholder data is stored or transmitted.” This visitor log must document three elements: the visitor’s name; the firm represented; the onsite personnel authorizing physical access…

PCI Requirement 9.4.3 – Visitors are Asked to Surrender the Badge or Identification Before Leaving the Facility or at the Date of Expiration

by Randy Bartels / December 20, 2022

Visitors Must Surrender Their Badge Upon Their Departure

To comply with PCI Requirement 9.4, there’s an important step outlined in PCI Requirement 9.4.3, related to identification mechanisms. It states, “Visitors are asked to surrender the badge or identification before leaving the facility or at the date of expiration.” Even though a visitor badge has an expiration date and/or time on it, you must ensure that you ask visitors to…

PCI Requirement 9.4.2 – Visitors are Identified and Given a Badge or Other Identification that Expires

by Randy Bartels / December 20, 2022

Identification Mechanisms

Controls surrounding visitor access are vital to the physical security of your organization. When a visitor enters your facility, they need to be easily distinguished from onsite personnel. Throughout PCI Requirement 9, we’ve discussed visitor identification mechanisms such as a badge system; this comes into play in PCI Requirement 9.4.2 as well. PCI Requirement 9.4.2 states, “Visitors are identified and given a badge or other identification that…

PCI Requirement 9.4.1 – Visitors are Authorized Before Entering, and Escorted at all Times

by Randy Bartels / December 20, 2022

Authorize and Escort Visitors at All Times

Controls surrounding visitor access are vital to the physical security of your organization. These controls reduce the potential for unauthorized individuals to gain access to cardholder data. If a visitor enters your organization’s sensitive areas that house cardholder data, PCI Requirement 9.4.1 requires that visitors are authorized before entering the area and escorted at all times within the area. To verify compliance…