Implement Strong Access Control Measures

Topic	Views	Activity
About the Implement Strong Access Control Measures category	41	February 9, 2023
9.10 Ensure that security policies and operational procedures for restricting physical access to cardholder data are documented, in use, and known to all affected parties	29	February 19, 2023
9.9.3 Provide training for personnel to be aware of attempted tampering or replacement of devices. Training should include the following:	26	February 19, 2023
9.9.2 Periodically inspect device surfaces to detect tampering	48	February 19, 2023
9.9.1 Maintain an up-to-date list of devices. The list should include the following:	26	February 19, 2023
9.9 Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution	40	February 19, 2023
9.8.2 Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed	32	February 19, 2023
9.8.1 Shred, incinerate, or pulp hard- copy materials so that cardholder data cannot be reconstructed. Secure storage containers used for materials that are to be destroyed	33	February 19, 2023
9.8 Destroy media when it is no longer needed for business or legal reasons as follows:	49	February 19, 2023
9.7.1 Properly maintain inventory logs of all media and conduct media inventories at least annually	32	February 19, 2023
9.7 Maintain strict control over the storage and accessibility of media	24	February 19, 2023
9.6.3 Ensure management approves any and all media that is moved from a secured area (including when media is distributed to individuals)	32	February 19, 2023
9.6.2 Send the media by secured courier or other delivery method that can be accurately tracked	72	February 19, 2023
9.6.1 Classify media so the sensitivity of the data can be determined	25	February 19, 2023
9.6 Maintain strict control over the internal or external distribution of any kind of media, including the following:	25	February 19, 2023
9.5.1 Store media backups in a secure location, preferably an off-site facility, such as an alternate or backup site, or a commercial storage facility	31	February 19, 2023
9.5 Physically secure all media	38	February 19, 2023
9.4.4 A visitor log is used to maintain a physical audit trail of visitor activity to the facility as well as computer rooms and data centers where cardholder data is stored or transmitted	32	February 19, 2023
9.4.3 Visitors are asked to surrender the badge or identification before leaving the facility or at the date of expiration	35	February 19, 2023
9.4.2 Visitors are identified and given a badge or other identification that expires and that visibly distinguishes the visitors from onsite personnel	29	February 19, 2023
9.4 Implement procedures to identify and authorize visitors. Procedures should include the following:	23	February 19, 2023
9.3 Control physical access for onsite personnel to sensitive areas as follows:	42	February 19, 2023
9.2 Develop procedures to easily distinguish between onsite personnel and visitors, to include:	37	February 19, 2023
9.1.3 Restrict physical access to wireless access points, gateways, handheld devices, networking/communications hardware, and telecommunication lines	34	February 14, 2023
9.1.2 Implement physical and/or logical controls to restrict access to publicly accessible network jacks	29	February 14, 2023
9.1 Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment	54	February 14, 2023
9.1.1 Use either video cameras or access control mechanisms (or both) to monitor individual physical access to sensitive areas	31	February 14, 2023
Requirement 9: Restrict physical access to cardholder data	34	February 14, 2023
8.8 Ensure that security policies and operational procedures for identification and authentication are documented, in use, and known to all affected parties	33	February 14, 2023
8.7 All access to any database containing cardholder data (including access by applications, administrators, and all other users) is restricted as follows	24	February 14, 2023