PCI Requirement 9.4 – Implement Procedures to Identify and Authorize Visitors

by Randy Bartels / December 20, 2022

How to Identify and Authorize Visitors

What would the consequences be if an unidentified, unauthorized visitor entered your facility? What people, facilities, or technology would they have physical access to? How would you confront them? PCI Requirement 9.4 hopes to prevent a situation like this from occurring at your organization. PCI Requirement 9.4 states, “Implement procedures to identify and authorize visitors,” and outlines four sub-requirements to help your organization…

PCI Requirement 9.3 – Control Physical Access for Onsite Personnel to Sensitive Areas

by Randy Bartels / December 20, 2022

Physical Access Requirements for Onsite Personnel

Physical access requirements don’t apply only to visitors; they also apply to your onsite personnel. PCI Requirement 9.3 focuses on controlling physical access to sensitive areas for onsite personnel. Your organization should determine specific sensitive areas where cardholder data is stored, processed, or transmitted and specific onsite personnel who have been granted physical access to these areas. Physical access to sensitive areas must be…

PCI Requirement 9.2 – Develop Procedures to Easily Distinguish Between Onsite Personnel and Visitors

by Randy Bartels / December 20, 2022

How to Easily Distinguish Between Onsite Personnel and Visitors

As part of your organization’s physical security measures, PCI Requirement 9.2 requires that your organization develop and maintain identification procedures to easily distinguish between onsite personnel and visitors. It’s important to remember that in relation to PCI Requirement 9, onsite personnel refers to full-time and part-time employees, temporary employees, contractors, and consultants who are physically present on your organization’s premises. Visitors…

PCI Requirement 9.1.3 – Restrict Physical Access to Wireless Access Points, Gateways, Handheld Devices, Networking/Communications Hardware, and Telecommunication Lines

by Randy Bartels / December 20, 2022

Physical Security of Wireless Devices

Wireless components and devices introduce more risk to your cardholder data environment. This is why PCI Requirement 9.1.3 focuses on maintaining the physical security of wireless devices. PCI Requirement 9.1.3 requires, “Restrict physical access to wireless access points, gateways, handheld devices, networking hardware, communications hardware, and telecommunication lines.” Without the proper security over access to wireless components and devices, attackers can use your organization’s…

PCI Requirement 9.1.2 – Implement Physical and/or Logical Controls to Restrict Access to Publicly Accessible Network Jacks

by Randy Bartels / May 31, 2023

Controls for Publicly Accessible Network Jacks

To ensure that visitors cannot exploit network jacks, PCI Requirement 9.1.2 requires that organizations implement physical controls and/or implement logical controls that restrict access to publicly accessible network jacks. The PCI DSS also explains, “Restricting access to network jacks will prevent malicious individuals from plugging into readily available network jacks and gain access into internal network resources. Whether logical or physical controls, or a…