PCI Requirement 7.3 – Ensure Policies and Procedures for Restricting Access to Cardholder Data are Documented, in Use, and Known to all Affected Parties

by Randy Bartels / December 19, 2022

Documentation for Restricting Access to Cardholder Data

PCI Requirement 7 states, “Restrict access to cardholder data by business need to know.” Complying with PCI Requirement 7 is critical to ensuring that cardholder data is accessed only by authorized personnel. For this requirement, we’ve discussed access control systems, how to define access needs, limiting privileges based on business need to know, and how to further protect your cardholder data environment. But,…

PCI Requirement 7.2.3 – Default “Deny-All” Setting

by Randy Bartels / December 19, 2022

What is a Default “Deny-All” Setting?

PCI Requirement 7.2.3 requires that your organization’s access control systems are set to a default “deny-all” setting, which means that no one is granted access unless it is explicitly assigned to that person. Some access control systems are set to a default “allow-all” setting, but PCI Requirement 7.2.3 requires that yours be set to a default “deny-all” setting. This ensures no one is granted access unless a rule…

PCI Requirement 7.2.2 – Assignment of Privileges Based on Job Function

by Randy Bartels / December 19, 2022

What is PCI Requirement 7.2.2?

We’ve discussed least privilege and business need to know a great deal throughout PCI Requirement 7, and PCI Requirement 7.2.2 is no different. PCI Requirement 7.2.2 requires that your organization’s access control systems assign privileges based on job classification and function. If a job doesn’t require certain access in order to function, there’s no need to grant that access. Access control systems help protect your organization from unknowingly…

PCI Requirement 7.2.1 – Coverage of all System Components

by Randy Bartels / December 19, 2022

Access Control Systems on All System Components

PCI Requirement 7.2.1 requires that your organization’s access control systems cover all system components. Access control systems are incredibly important because they protect your organization from unknowingly granting an unauthorized user access to the cardholder data environment. Implementing PCI Requirement 7.2.1 ensures that your entire system is protecting the cardholder data environment and supporting role-based access control. During a…

PCI Requirement 7.2 – Establish an Access Control System

by Randy Bartels / December 19, 2022

Why Establish an Access Control System?

PCI Requirement 7.2 states, “Establish an access control system for system components that restricts access based on a user’s need to know, and is set to ‘deny all’ unless specifically allowed.” This access control system must include the following three sub-requirements of PCI Requirement 7.2:

7.2.1: Coverage of all system components
7.2.2: Assignment of privileges to individuals based on job classification and function
7.2.3:…