9.1 Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment.
9.1 Verify the existence of physical security controls for each computer room, data center, and other physical areas with systems in the cardholder data environment.
• Verify that access is controlled with badge readers or other devices including authorized badges and lock and key.
• Observe a system administrator’s attempt to log into consoles for randomly selected systems in the cardholder environment and verify that they are “locked” to prevent unauthorized use.
Without physical access controls, such as badge systems and door controls, unauthorized persons could potentially gain access to the facility to steal, disable, disrupt, or destroy critical systems and cardholder data.
Locking console login screens prevents unauthorized persons from gaining access to sensitive information, altering system configurations, introducing vulnerabilities into the network, or destroying records.