[PCI DSS 1.x] A.1.2 Restrict each entity's access and privileges to own cardholder data environment only

A.1.2.a Verify the user ID of any application process is not a privileged user (root/admin).
A.1.2.b Verify each entity (merchant, service provider) has read, write, or execute permissions only for files and directories it owns or for necessary system files (restricted via file system permissions, access control lists, chroot, jailshell, etc.). IMPORTANT: An entity.s files may not be shared by group
A.1.2.c Verify an entity.s users do not have write access to shared system binaries
A.1.2.d Verify that viewing of log entries is restricted to the owning entity
A.1.2.e To ensure each entity cannot monopolize server resources to exploit vulnerabilities (error, race, and restart conditions, resulting in, for example, buffer overflows), verify restrictions are in place for the use of these system resources:

  • Disk space
  • Bandwidth
  • Memory
  • CPU