Implement Strong Access Control Measures

Topic	Views	Activity
About the Implement Strong Access Control Measures category	13	February 9, 2023
9.10 Ensure that security policies and operational procedures for restricting physical access to cardholder data are documented, in use, and known to all affected parties	7	February 19, 2023
9.9.3 Provide training for personnel to be aware of attempted tampering or replacement of devices. Training should include the following:	8	February 19, 2023
9.9.2 Periodically inspect device surfaces to detect tampering	8	February 19, 2023
9.9.1 Maintain an up-to-date list of devices. The list should include the following:	6	February 19, 2023
9.9 Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution	8	February 19, 2023
9.8.2 Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed	5	February 19, 2023
9.8.1 Shred, incinerate, or pulp hard- copy materials so that cardholder data cannot be reconstructed. Secure storage containers used for materials that are to be destroyed	6	February 19, 2023
9.8 Destroy media when it is no longer needed for business or legal reasons as follows:	6	February 19, 2023
9.7.1 Properly maintain inventory logs of all media and conduct media inventories at least annually	6	February 19, 2023
9.7 Maintain strict control over the storage and accessibility of media	5	February 19, 2023
9.6.3 Ensure management approves any and all media that is moved from a secured area (including when media is distributed to individuals)	7	February 19, 2023
9.6.2 Send the media by secured courier or other delivery method that can be accurately tracked	8	February 19, 2023
9.6.1 Classify media so the sensitivity of the data can be determined	6	February 19, 2023
9.6 Maintain strict control over the internal or external distribution of any kind of media, including the following:	5	February 19, 2023
9.5.1 Store media backups in a secure location, preferably an off-site facility, such as an alternate or backup site, or a commercial storage facility	5	February 19, 2023
9.5 Physically secure all media	6	February 19, 2023
9.4.4 A visitor log is used to maintain a physical audit trail of visitor activity to the facility as well as computer rooms and data centers where cardholder data is stored or transmitted	5	February 19, 2023
9.4.3 Visitors are asked to surrender the badge or identification before leaving the facility or at the date of expiration	6	February 19, 2023
9.4.2 Visitors are identified and given a badge or other identification that expires and that visibly distinguishes the visitors from onsite personnel	7	February 19, 2023
9.4 Implement procedures to identify and authorize visitors. Procedures should include the following:	7	February 19, 2023
9.3 Control physical access for onsite personnel to sensitive areas as follows:	6	February 19, 2023
9.2 Develop procedures to easily distinguish between onsite personnel and visitors, to include:	6	February 19, 2023
9.1.3 Restrict physical access to wireless access points, gateways, handheld devices, networking/communications hardware, and telecommunication lines	9	February 14, 2023
9.1.2 Implement physical and/or logical controls to restrict access to publicly accessible network jacks	11	February 14, 2023
9.1 Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment	15	February 14, 2023
9.1.1 Use either video cameras or access control mechanisms (or both) to monitor individual physical access to sensitive areas	9	February 14, 2023
Requirement 9: Restrict physical access to cardholder data	8	February 14, 2023
8.8 Ensure that security policies and operational procedures for identification and authentication are documented, in use, and known to all affected parties	5	February 14, 2023
8.7 All access to any database containing cardholder data (including access by applications, administrators, and all other users) is restricted as follows	8	February 14, 2023