PCI Requirement 9.4.4 – A Visitor Log is Used to Maintain a Physical Audit Trail of Visitor Activity to the Facility, Computer Rooms, and Rooms Where CHD is Stored
Maintain a Visitor Log In order to record which visitors have entered your sensitive areas, PCI Requirement 9.4.4 requires, “A visitor log is used to maintain a physical audit trail of visitor activity to the facility as well as computer rooms and data centers where cardholder data is stored or transmitted.” This visitor log must document three elements: The visitor’s name The firm represented The onsite personnel authorizing physical access…