|
About the Implement Strong Access Control Measures category
|
|
0
|
145
|
February 9, 2023
|
|
9.10 Ensure that security policies and operational procedures for restricting physical access to cardholder data are documented, in use, and known to all affected parties
|
|
0
|
124
|
February 19, 2023
|
|
9.9.3 Provide training for personnel to be aware of attempted tampering or replacement of devices. Training should include the following:
|
|
0
|
115
|
February 19, 2023
|
|
9.9.2 Periodically inspect device surfaces to detect tampering
|
|
0
|
151
|
February 19, 2023
|
|
9.9.1 Maintain an up-to-date list of devices. The list should include the following:
|
|
0
|
89
|
February 19, 2023
|
|
9.9 Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution
|
|
0
|
121
|
February 19, 2023
|
|
9.8.2 Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed
|
|
0
|
103
|
February 19, 2023
|
|
9.8.1 Shred, incinerate, or pulp hard- copy materials so that cardholder data cannot be reconstructed. Secure storage containers used for materials that are to be destroyed
|
|
0
|
104
|
February 19, 2023
|
|
9.8 Destroy media when it is no longer needed for business or legal reasons as follows:
|
|
0
|
119
|
February 19, 2023
|
|
9.7.1 Properly maintain inventory logs of all media and conduct media inventories at least annually
|
|
0
|
139
|
February 19, 2023
|
|
9.7 Maintain strict control over the storage and accessibility of media
|
|
0
|
82
|
February 19, 2023
|
|
9.6.3 Ensure management approves any and all media that is moved from a secured area (including when media is distributed to individuals)
|
|
0
|
101
|
February 19, 2023
|
|
9.6.2 Send the media by secured courier or other delivery method that can be accurately tracked
|
|
0
|
156
|
February 19, 2023
|
|
9.6.1 Classify media so the sensitivity of the data can be determined
|
|
0
|
94
|
February 19, 2023
|
|
9.6 Maintain strict control over the internal or external distribution of any kind of media, including the following:
|
|
0
|
87
|
February 19, 2023
|
|
9.5.1 Store media backups in a secure location, preferably an off-site facility, such as an alternate or backup site, or a commercial storage facility
|
|
0
|
119
|
February 19, 2023
|
|
9.5 Physically secure all media
|
|
0
|
88
|
February 19, 2023
|
|
9.4.4 A visitor log is used to maintain a physical audit trail of visitor activity to the facility as well as computer rooms and data centers where cardholder data is stored or transmitted
|
|
0
|
158
|
February 19, 2023
|
|
9.4.3 Visitors are asked to surrender the badge or identification before leaving the facility or at the date of expiration
|
|
0
|
121
|
February 19, 2023
|
|
9.4.2 Visitors are identified and given a badge or other identification that expires and that visibly distinguishes the visitors from onsite personnel
|
|
0
|
83
|
February 19, 2023
|
|
9.4 Implement procedures to identify and authorize visitors. Procedures should include the following:
|
|
0
|
92
|
February 19, 2023
|
|
9.3 Control physical access for onsite personnel to sensitive areas as follows:
|
|
0
|
119
|
February 19, 2023
|
|
9.2 Develop procedures to easily distinguish between onsite personnel and visitors, to include:
|
|
0
|
110
|
February 19, 2023
|
|
9.1.3 Restrict physical access to wireless access points, gateways, handheld devices, networking/communications hardware, and telecommunication lines
|
|
0
|
107
|
February 14, 2023
|
|
9.1.2 Implement physical and/or logical controls to restrict access to publicly accessible network jacks
|
|
0
|
189
|
February 14, 2023
|
|
9.1 Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment
|
|
0
|
153
|
February 14, 2023
|
|
9.1.1 Use either video cameras or access control mechanisms (or both) to monitor individual physical access to sensitive areas
|
|
0
|
95
|
February 14, 2023
|
|
Requirement 9: Restrict physical access to cardholder data
|
|
0
|
134
|
February 14, 2023
|
|
8.8 Ensure that security policies and operational procedures for identification and authentication are documented, in use, and known to all affected parties
|
|
0
|
95
|
February 14, 2023
|
|
8.7 All access to any database containing cardholder data (including access by applications, administrators, and all other users) is restricted as follows
|
|
0
|
87
|
February 14, 2023
|