Implement Strong Access Control Measures

Topic	Views	Activity
About the Implement Strong Access Control Measures category	98	February 9, 2023
9.10 Ensure that security policies and operational procedures for restricting physical access to cardholder data are documented, in use, and known to all affected parties	76	February 19, 2023
9.9.3 Provide training for personnel to be aware of attempted tampering or replacement of devices. Training should include the following:	61	February 19, 2023
9.9.2 Periodically inspect device surfaces to detect tampering	80	February 19, 2023
9.9.1 Maintain an up-to-date list of devices. The list should include the following:	54	February 19, 2023
9.9 Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution	74	February 19, 2023
9.8.2 Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed	63	February 19, 2023
9.8.1 Shred, incinerate, or pulp hard- copy materials so that cardholder data cannot be reconstructed. Secure storage containers used for materials that are to be destroyed	65	February 19, 2023
9.8 Destroy media when it is no longer needed for business or legal reasons as follows:	86	February 19, 2023
9.7.1 Properly maintain inventory logs of all media and conduct media inventories at least annually	81	February 19, 2023
9.7 Maintain strict control over the storage and accessibility of media	53	February 19, 2023
9.6.3 Ensure management approves any and all media that is moved from a secured area (including when media is distributed to individuals)	59	February 19, 2023
9.6.2 Send the media by secured courier or other delivery method that can be accurately tracked	120	February 19, 2023
9.6.1 Classify media so the sensitivity of the data can be determined	63	February 19, 2023
9.6 Maintain strict control over the internal or external distribution of any kind of media, including the following:	58	February 19, 2023
9.5.1 Store media backups in a secure location, preferably an off-site facility, such as an alternate or backup site, or a commercial storage facility	70	February 19, 2023
9.5 Physically secure all media	64	February 19, 2023
9.4.4 A visitor log is used to maintain a physical audit trail of visitor activity to the facility as well as computer rooms and data centers where cardholder data is stored or transmitted	79	February 19, 2023
9.4.3 Visitors are asked to surrender the badge or identification before leaving the facility or at the date of expiration	73	February 19, 2023
9.4.2 Visitors are identified and given a badge or other identification that expires and that visibly distinguishes the visitors from onsite personnel	52	February 19, 2023
9.4 Implement procedures to identify and authorize visitors. Procedures should include the following:	56	February 19, 2023
9.3 Control physical access for onsite personnel to sensitive areas as follows:	79	February 19, 2023
9.2 Develop procedures to easily distinguish between onsite personnel and visitors, to include:	69	February 19, 2023
9.1.3 Restrict physical access to wireless access points, gateways, handheld devices, networking/communications hardware, and telecommunication lines	67	February 14, 2023
9.1.2 Implement physical and/or logical controls to restrict access to publicly accessible network jacks	120	February 14, 2023
9.1 Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment	115	February 14, 2023
9.1.1 Use either video cameras or access control mechanisms (or both) to monitor individual physical access to sensitive areas	63	February 14, 2023
Requirement 9: Restrict physical access to cardholder data	84	February 14, 2023
8.8 Ensure that security policies and operational procedures for identification and authentication are documented, in use, and known to all affected parties	67	February 14, 2023
8.7 All access to any database containing cardholder data (including access by applications, administrators, and all other users) is restricted as follows	54	February 14, 2023