PCI Requirement 7.2.1 – Coverage of all System Components

by Randy Bartels / December 19, 2022

Access Control Systems on All System Components
PCI Requirement 7.2.1 requires that your organization’s access control systems cover all system components. Access control systems are incredibly important because they protect your organization from unknowingly granting an unauthorized user access to the cardholder data environment. Implementing PCI Requirement 7.2.1 ensures that every part of your system is protecting the cardholder data environment and supporting role-based access controls. During a…

PCI Requirement 7.2 – Establish an Access Control System

by Randy Bartels / December 19, 2022

Why Establish an Access Control System?
PCI Requirement 7.2 states, “Establish an access control system for system components that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed.” This access control system must include the following three sub-requirements of PCI Requirement 7.2:
7.2.1: Coverage of all system components
7.2.2: Assignment of privileges to individuals based on job classification and function
7.2.3:…
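The following is an added illustration, not code from the original post or from the PCI DSS, of what a “deny all unless specifically allowed” role-based control looks like when written down: privileges are attached to roles, roles are assigned to individuals together with a documented approval, and any request that no role explicitly grants is denied. A deliberately weak default-allow variant is included for contrast. The component names, roles, users, approvers and ticket identifiers are constructed for the example.

```python
"""Default-deny, role-based access check for system components.

Added illustration (not code from the original post or from PCI DSS):
privileges are attached to roles, roles are assigned to individuals with
a documented approval, and any request that no role explicitly allows is
denied. Component names, roles, users and ticket IDs are constructed.
"""
from dataclasses import dataclass

ALLOW = "allow"
DENY = "deny"

# Role -> component -> set of permitted actions. A role/component pair that
# is absent grants nothing; that absence is what makes the system deny-by-default.
ROLE_PRIVILEGES: dict[str, dict[str, set[str]]] = {
    "pos-clerk": {"pos-terminal": {"read"}},
    "app-ops":   {"pos-terminal": {"read"}, "web-app": {"read", "deploy"}},
    "db-admin":  {"cde-database": {"read", "write", "admin"}},
}

# Constructed: the actions this example treats as elevated privileges.
PRIVILEGED_ACTIONS = {"admin", "deploy"}


@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    approved_by: str = ""   # authorized approver (empty = no documented approval)
    ticket: str = ""        # reference to the approval artifact (empty = none on file)


# Constructed assignments; carol's deliberately lacks an approval artifact.
ASSIGNMENTS = [
    Assignment("alice", "pos-clerk", approved_by="store-mgr", ticket="ACC-101"),
    Assignment("bob",   "db-admin",  approved_by="cto",       ticket="ACC-102"),
    Assignment("carol", "app-ops"),
]


def roles_for(user: str, assignments=ASSIGNMENTS) -> set[str]:
    """All roles currently assigned to a user (empty set for an unknown user)."""
    return {a.role for a in assignments if a.user == user}


def authorize(user: str, component: str, action: str,
              assignments=ASSIGNMENTS, roles=ROLE_PRIVILEGES) -> str:
    """Return ALLOW only when a role assigned to `user` explicitly grants
    `action` on `component`. Unknown users, unknown roles, unknown
    components and unlisted actions all fall through to DENY."""
    for role in roles_for(user, assignments):
        if action in roles.get(role, {}).get(component, set()):
            return ALLOW
    return DENY


def authorize_default_allow(user: str, component: str, action: str,
                            blocklist: set) -> str:
    """The weak design this contrasts with: only explicitly blocked
    (user, component) pairs are denied, so a new user or a newly added
    component is open until someone remembers to block it."""
    return DENY if (user, component) in blocklist else ALLOW


def unapproved_assignments(assignments=ASSIGNMENTS) -> list:
    """Assignments with no documented approval (approver or ticket missing)."""
    return [a for a in assignments if not (a.approved_by and a.ticket)]


def privileged_users(assignments=ASSIGNMENTS, roles=ROLE_PRIVILEGES) -> set[str]:
    """Users whose roles grant any elevated action: the list to re-check
    against job function when reviewing privileged user IDs."""
    out = set()
    for a in assignments:
        for actions in roles.get(a.role, {}).values():
            if actions & PRIVILEGED_ACTIONS:
                out.add(a.user)
    return out


if __name__ == "__main__":
    print(authorize("alice", "pos-terminal", "read"))       # allow
    print(authorize("alice", "cde-database", "read"))       # deny: not granted to her role
    print(authorize("mallory", "pos-terminal", "read"))     # deny: unknown user
    print(authorize("bob", "new-batch-server", "read"))     # deny: component not yet covered
    print(authorize_default_allow("mallory", "new-batch-server", "read", blocklist=set()))  # allow
    print([a.user for a in unapproved_assignments()])       # ['carol']
    print(sorted(privileged_users()))                       # ['bob', 'carol']
```

The last two print lines show the two checks an assessor's sample would exercise: which assignments have no approval artifact behind them, and which individuals hold elevated privileges and therefore need their job function re-confirmed. Adding a new component to `ROLE_PRIVILEGES` is the only way anyone gains access to it, which is the behaviour the default-allow variant lacks.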

PCI Requirement 7.1.4 – Require Documented Approval by Authorized Parties

by Randy Bartels / December 19, 2022

Management Approval
PCI Requirement 7.1.4 states, “Require documented approval by authorized parties by specifying required privileges.” The PCI DSS explains that the purpose of documented approval, whether written or electronic, is to assure that those with access and privileges are known to and authorized by management, and that their access is necessary for their job function. PCI Requirement 7.1.4 requires that your organization retain some type of artifact that states who…

PCI Requirement 7.1.3 – Assign Access Based on Individual Personnel’s Job Classification and Function

by Randy Bartels / December 19, 2022

What is PCI Requirement 7.1.3?
PCI Requirement 7.1.3 states, “Assign access based on individual personnel’s job classification and function.” Because access needs have already been defined for user roles in PCI Requirement 7.1.1, it is easy to take the next step in PCI Requirement 7.1.3 and grant individuals access according to their job classification and function by using the already-created roles. During the assessment, an assessor will, once again, get a…

PCI Requirement 7.1.2 – Restrict Access to Privileged User IDs to Least Privileges Necessary

by Randy Bartels / December 19, 2022

What is PCI Requirement 7.1.2?
Within your organization, you will obviously have personnel who require an elevated level of privilege. Some personnel will have more responsibility than others, but you still need to limit any one person’s ability to affect the security of the cardholder data environment. PCI Requirement 7.1.2 requires you to limit access to privileged user IDs to personnel who truly require it for the function…