[PCI DSS 1.x] 7.1 Limit access to computing resources and cardholder information only to those individuals whose j

7.1 Obtain and examine written policy for data control, and verify that the policy incorporates the following:

  • Access rights to privileged User IDs are restricted to least privileges necessary to perform job responsibilities
  • Assignment of privileges is based on individual personnel’s job classification and function
  • Requirement for an authorization form signed by management that specifies required privileges
  • Implementation of an automated access control system