PCI Requirement 9.1.2 – Implement Physical and/or Logical Controls to Restrict Access to Publicly Accessible Network Jacks

by Randy Bartels / May 31, 2023

Controls for Publicly Accessible Network Jacks To ensure that visitors cannot exploit network jacks, PCI Requirement 9.1.2 requires that organizations implement physical controls and/or implement logical controls that restrict access to publicly accessible network jacks. The PCI DSS also explains, “Restricting access to network jacks will prevent malicious individuals from plugging into readily available network jacks and gain access into internal network resources. Whether logical or physical controls, or a…

PCI Requirement 9.1 – Use Appropriate Facility Entry Controls to Limit and Monitor Physical Access to CDE

by Randy Bartels / May 31, 2023

Limit and Monitor Physical Access Applying the appropriate physical security and facility entry controls are vital to complying with PCI Requirement 9.1, which states, “Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment.” Wherever your cardholder data lives, it must be protected. Complying with PCI Requirement 9.1 comes in two parts: limit and monitor. Your organization must limit physical access to…

PCI Requirement 9 – Restrict Physical Access to Cardholder Data

by Randy Bartels / May 31, 2023

Why Should I Restrict Physical Access to Cardholder Data? What would happen if your organization had no physical access controls protecting cardholder data? Made no effort to restrict physical access to cardholder data? No locks on the doors, no badge or identification system, no security guards, no receptionist? Without physical access controls, you give unauthorized persons a plethora of ways to potentially gain access to your facility and to steal, disable,…

PCI Requirement 8.6 – Authentication Mechanisms Must Not Be Shared Among Multiple Accounts and Physical and/or Logical Controls Must Be in Place to Ensure Only Intended Account Can Use that Mechanism

by Randy Bartels / May 31, 2023

Do Not Share Authentication Mechanisms If your organization uses something you have as an authentication mechanism, like a type of physical device such as a token, smart card or certificate, we need to make sure that the authentication device can only be assigned to, and used by, one individual. If authentication mechanisms can be used by multiple accounts, it may be impossible to identify the individual using the authentication mechanism.…

PCI Requirement 8: Identify and Authenticate Access to System Components

by Randy Bartels / May 31, 2023

What is PCI-DSS Requirement 8? PCI Requirement 8 focuses on two actions: identify and authenticate. These actions are critical to protecting your systems. When the PCI DSS describes system components in its requirements, it’s referring to internal and external networks, servers, and applications that are connected to cardholder data. This could be anything from firewalls to switches to databases. PCI Requirement 8 states, “Identify and authenticate access to system components.”…