PCI Requirement 7.3 – Ensure Policies and Procedures for Restricting Access to Cardholder Data are Documented, in Use, and Known to all Affected Parties
by Randy Bartels / November 28th, 2017
Documentation for Restricting Access to Cardholder Data PCI Requirement 7 states, “Restrict access to cardholder data by business need to know.” Complying with PCI…
PCI Requirement 7.2.3 – Default “Deny-All” Setting
by Randy Bartels / November 28th, 2017
What is a Default "Deny-All" Setting? PCI Requirement 7.2.3 requires that your organization’s access control systems are set to a default “deny-all” setting, which…
PCI Requirement 7.2.2 – Assignment of Privileges Based on Job Function
by Randy Bartels / November 28th, 2017
What is PCI Requirement 7.2.2? We’ve discussed least privileges and business need to know a lot during PCI Requirement 7, and PCI Requirement 7.2.2…
PCI Requirement 7.2.1 – Coverage of all System Components
by Randy Bartels / November 28th, 2017
Access Control Systems on All System Components PCI Requirement 7.2.1 requires that your organization’s access control systems include coverage of all system components. Access…
PCI Requirement 7.2 – Establish an Access Control System
by Randy Bartels / November 28th, 2017
Why Establish an Access Control System? PCI Requirement 7.2 states, “Establish an access control system for system components that restricts access based on a…