[PCI DSS 1.x] 8.5.16 Authenticate all access to any database containing cardholder data. This includes access by a

8.5.16.a Review database configuration settings for a sample of databases to verify that access is authenticated, including for individual users, applications, and administrators
8.5.16.b Review database configuration settings and database accounts to verify that direct SQL queries to the database are prohibited (there should be very few individual database login accounts. Direct SQL queries should be limited to database administrators)