[PCI DSS 1.x] A.1.1 Ensure that each entity only has access to own cardholder data environment

A.1.1 If a shared hosting provider allows entities (for example, merchants or service providers) to run their own applications, verify these application processes run using the unique ID of the entity. For example:

  • No entity on the system can use a shared web server user ID
  • All CGI scripts used by an entity must be created and run as the entity’s unique user ID