PCI Requirement 9.4.2 – Visitors are Identified and Given a Badge or Other Identification that Expires

by Randy Bartels / December 20, 2022

Identification Mechanisms

Controls surrounding visitor access are vital to the physical security of your organization. When a visitor enters your facility, they need to be easily distinguished from onsite personnel. Throughout PCI Requirement 9, we’ve discussed visitor identification mechanisms such as a badge system; this comes into play in PCI Requirement 9.4.2 as well. PCI Requirement 9.4.2 states, “Visitors are identified and given a badge or other identification that…

PCI Requirement 9.4.1 – Visitors are Authorized Before Entering, and Escorted at all Times

by Randy Bartels / December 20, 2022

Authorize and Escort Visitors at All Times

Controls surrounding visitor access are vital to the physical security of your organization. These controls reduce the potential for unauthorized individuals to gain access to cardholder data. If a visitor enters your organization’s sensitive areas that house cardholder data, PCI Requirement 9.4.1 requires that visitors are authorized before entering the area and escorted at all times within the area. To verify compliance…

PCI Requirement 9.4 – Implement Procedures to Identify and Authorize Visitors

by Randy Bartels / December 20, 2022

How to Identify and Authorize Visitors

What would the consequences be if an unidentified, unauthorized visitor entered your facility? What people, facilities, or technology would they have physical access to? How would you confront them? PCI Requirement 9.4 hopes to prevent a situation like this from occurring at your organization. PCI Requirement 9.4 states, “Implement procedures to identify and authorize visitors,” and outlines four sub-requirements to help your organization…

PCI Requirement 9.3 – Control Physical Access for Onsite Personnel to Sensitive Areas

by Randy Bartels / December 20, 2022

Physical Access Requirements for Onsite Personnel

Physical access requirements don’t only apply to visitors; they also apply to your onsite personnel. PCI Requirement 9.3 focuses on controlling physical access to sensitive areas for onsite personnel. Your organization should determine specific sensitive areas where cardholder data is stored, processed, or transmitted and specific onsite personnel who have been granted physical access to these areas. Physical access to sensitive areas must be…

PCI Requirement 9.2 – Develop Procedures to Easily Distinguish Between Onsite Personnel and Visitors

by Randy Bartels / December 20, 2022

How to Easily Distinguish Between Onsite Personnel and Visitors

As part of your organization’s physical security measures, PCI Requirement 9.2 requires that your organization develop and maintain identification procedures to easily distinguish between onsite personnel and visitors. It’s important to remember that in relation to PCI Requirement 9, onsite personnel refers to full-time and part-time employees, temporary employees, contractors, and consultants who are physically present on your organization’s premises. Visitors…