PCI Requirement 7.2.1 – Coverage of all System Components
Access Control Systems on All System Components
PCI Requirement 7.2.1 requires that your organization’s access control systems include coverage of all system components. Access control systems are incredibly important because they protect your organization from unknowingly granting access to the cardholder data environment to an unauthorized user. Implementing PCI Requirement 7.2.1 ensures that your entire system is protecting the cardholder data environment and supporting role based access controls.
During a PCI assessment, your system settings and relevant documentation will be examined to verify that your access control systems are in place on all system components.
When developing and/or purchasing systems, we need to make sure that all applications that you have – whether it be an operating system, database, regardless of what it is – and the entire environment is capable of supporting role based access controls.