Blog

PCI Requirement 9.6.2 – Send the Media by Secured Courier

by Randy Bartels / February 7, 2023

Tracking Transferred Media If your organization transfers media to an off-site location, PCI Requirement 9.6.2 requires that you send the media by a secured courier and through a delivery method that can be accurately tracked. If you use the regular, non-trackable postal service, how do you keep track of your media? How do you know sensitive data hasn’t been lost or stolen? With the amount of secured courier options…

PCI Requirement 9.6.1 – Classify Media so the Sensitivity of the Data Can Be Determined

by Randy Bartels / December 20, 2022

Classifying Media Your organization needs to have policies and procedures in place for classifying media. PCI Requirement 9.6.1 states, “Classify media so that sensitivity of the data can be determined.” It’s important to note that the intent behind PCI Requirement 9.6.1 is not to label every sensitive piece of media as “Confidential.” Doing that defeats the purposes of this requirement; it draws attention to which media is valuable. The…

PCI Requirement 9.6 – Maintain Strict Control Over the Internal or External Distribution of Any Kind of Media

by Randy Bartels / December 20, 2022

Distribution of Media If your organization does not have policies and procedures in place to control the distribution of media, cardholder data could be lost, stolen, or used for fraudulent or malicious behavior. PCI Requirement 9.6 requires, “Maintain strict control over the internal or external distribution of any kind of media.” These controls could should cover: Classifying media based on sensitivity and is easily discernible. Sending media through a…

PCI Requirement 9.5.1 – Store Media Backups in a Secure Location and Review the Location’s Security Annually

by Randy Bartels / December 20, 2022

Storing Media Backups Part of physically securing media that houses cardholder data is storing media backups in a secure location. If not, media backups that contain cardholder data can easily be lost, stolen, or copied for malicious intent. This is why PCI Requirement 9.5.1 requires, “Store media backups in a secure location, preferably an off-site facility, such as an alternate or backup site, or a commercial storage facility. Review…

PCI Requirement 9.5 – Physically Secure all Media

by Randy Bartels / December 20, 2022

The Physical Security of Media At your organization, are receipts ever left on someone's desk? Are reports left in the printer and forgotten about? Are computers constantly logged in? If your organization has paper or electronic media containing cardholder data, you must protect and physically secure all media. PCI Requirement 9.5 is intended to prevent unauthorized individuals from accessing cardholder data through media. PCI Requirement 9.5 states, “Physically secure…

PCI Requirement 9.6.2 – Send the Media by Secured Courier

PCI Requirement 9.6.1 – Classify Media so the Sensitivity of the Data Can Be Determined

PCI Requirement 9.6 – Maintain Strict Control Over the Internal or External Distribution of Any Kind of Media

PCI Requirement 9.5.1 – Store Media Backups in a Secure Location and Review the Location’s Security Annually

PCI Requirement 9.5 – Physically Secure all Media

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.