Welcome to Scribd!

PCI Compliance Requirement 7

Uploaded by

0% found this document useful (0 votes)

10 views7 pages

This document discusses PCI compliance requirement 7 which states that access to cardholder data should be restricted based on business need-to-know. It outlines that only authorized personnel whose job requires access should be granted access to computing resources and cardholder data to reduce risk. Organizations should create a clear policy to define how and to whom access is granted and establish a mechanism, like role-based access control, to restrict access based on a user's need to know and deny all unless specifically allowed.

Original Description:

Copyright

Available Formats

PPTX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

10 views7 pages

PCI Compliance Requirement 7

Uploaded by

Sushil Verma

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 7

Search inside document

PCI compliance requirement 7

Restrict access to cardholder data by business need-to-know.

Objective:
This requirement ensures critical data can only be accessed by authorized personnel.

Requirement
7.1 Limit access to computing resources and cardholder information only to those individuals whose job requires such access.
The more people who have access to cardholder data, the more risk there is that a users account will be used maliciously. Limiting access to those with a strong business reason for the access helps your organization prevent mishandling of cardholder data through inexperience or malice. Your organization should create a clear policy for data access control to define how, and to whom, access is granted.

7.2 Establish a mechanism for systems with multiple

users that restricts access based on a users need to know and is set to deny all unless specifically allowed.
Without a mechanism to restrict access based on users need to know, a user may unknowingly be granted access to cardholder data.

How to implement requirement 7?

Implement a access control model
Attribute-based access control Discretionary access control Mandatory access control Role-based access control
Role-based access control model is the best for PCIDSS

Access control list

Filesystem ACLs
A File system ACL is a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programs, processes, or files.

Networking ACLs
An Access Control List refers to rules that are applied to port numbers or network daemon names that are available on a host or other layer 3, each with a list of hosts and/or networks permitted to use the service.

Database Security Issues
Document53 pages
Database Security Issues
UMM-E-RUBAB
No ratings yet
CISA Exam-Testing Concept-Knowledge of Logical Access Control
From Everand
CISA Exam-Testing Concept-Knowledge of Logical Access Control
Hemang Doshi
Rating: 2.5 out of 5 stars
2.5/5 (3)
Hippocratic Database: Archit Khanna CSE1 (A) 12021
Document25 pages
Hippocratic Database: Archit Khanna CSE1 (A) 12021
Archit Khanna
No ratings yet
Database CH 4
Document23 pages
Database CH 4
Efeson Hamelo
No ratings yet
Lecture Three Information Systems Access Control
Document30 pages
Lecture Three Information Systems Access Control
nzumahezron
No ratings yet
Itm662 Lecture04 2014
Document92 pages
Itm662 Lecture04 2014
Любовь Таранова
No ratings yet
Acc Con Pol
Document5 pages
Acc Con Pol
JA NE JA NE
No ratings yet
Access Control Policy1
Document6 pages
Access Control Policy1
Adaa Jarso
No ratings yet
ADB - CH5 Database Security
Document42 pages
ADB - CH5 Database Security
Abenezer Teshome
No ratings yet
Managing Data Security: Data and Database Administration
Document6 pages
Managing Data Security: Data and Database Administration
Patrick Ramos
No ratings yet
Isa - GRP-6 Identity Access Management
Document72 pages
Isa - GRP-6 Identity Access Management
alyzzamarienpanambitan
No ratings yet
BSAIS4A Raba, Eliezer PREFINAL
Document4 pages
BSAIS4A Raba, Eliezer PREFINAL
Eliezer Raba
No ratings yet
Principles of Information Security, Fifth Edition: Security Technology: Firewalls and Vpns
Document76 pages
Principles of Information Security, Fifth Edition: Security Technology: Firewalls and Vpns
Abdiraxman Maxamed
No ratings yet
03 Security
Document18 pages
03 Security
Body Sallam
No ratings yet
IAS Chapter 4 Final
Document20 pages
IAS Chapter 4 Final
teshu wodesa
No ratings yet
Birlamedisoft: ELV Extremely Low Voltage Systems
Document56 pages
Birlamedisoft: ELV Extremely Low Voltage Systems
LinweiXia
No ratings yet
Distributed Databse Presentation
Document9 pages
Distributed Databse Presentation
Aiman zahra
No ratings yet
Database Security
Document19 pages
Database Security
Akshat Jain
No ratings yet
Introduction To Database Security
Document38 pages
Introduction To Database Security
Hoàng Đình Hạnh
100% (1)
Group 3 and 4 Presentations
Document48 pages
Group 3 and 4 Presentations
darlington mugariri
No ratings yet
UNit III DBMS
Document28 pages
UNit III DBMS
Arnav Chowdhury
No ratings yet
Authorization Rules: BY, Iti Mehrotra (46) M.Haritha
Document13 pages
Authorization Rules: BY, Iti Mehrotra (46) M.Haritha
Haritha Mudumba
No ratings yet
Report 4
Document24 pages
Report 4
mahalaxmi2012
No ratings yet
DBMS Unit - 5
Document27 pages
DBMS Unit - 5
JANMEET
No ratings yet
Topic 6 - Identity & Access Management
Document27 pages
Topic 6 - Identity & Access Management
s.l.mills86
No ratings yet
Database Management 4
Document19 pages
Database Management 4
John Broke
No ratings yet
Chap8 BaoMatCSDL PDF
Document78 pages
Chap8 BaoMatCSDL PDF
Thạnh Hồ
No ratings yet
Unit5-AccessControl BIT5thSem
Document6 pages
Unit5-AccessControl BIT5thSem
tiwarisapana036
No ratings yet
CA Module 19
Document25 pages
CA Module 19
Ehab Rushdy
No ratings yet
Identity and Access Management 1
Document6 pages
Identity and Access Management 1
catudayja
No ratings yet
Quick Tips - Chapter 5
Document5 pages
Quick Tips - Chapter 5
V W
No ratings yet
Manage User Accounts: Inside This Reading
Document8 pages
Manage User Accounts: Inside This Reading
Tarik Shigute
No ratings yet
Sharon Chebet
Document4 pages
Sharon Chebet
Evans
No ratings yet
Excessive Privileges: Atabase Hreats
Document6 pages
Excessive Privileges: Atabase Hreats
8816 jjcl
No ratings yet
Access Control Policy: Technical
Document6 pages
Access Control Policy: Technical
aalmotaa
No ratings yet
Database Security
Document26 pages
Database Security
Felipe Oliveros
No ratings yet
Esu Sec Week 3 Principle
Document46 pages
Esu Sec Week 3 Principle
ermias
No ratings yet
Chapter-1 Access Control Systems & Methodology
Document8 pages
Chapter-1 Access Control Systems & Methodology
nrpradhan
No ratings yet
Unit-5 Database Security
Document14 pages
Unit-5 Database Security
Yash
No ratings yet
Security and Authorization
Document14 pages
Security and Authorization
sujalrawal6
No ratings yet
Chapter - 6 Database Security and Authorization
Document25 pages
Chapter - 6 Database Security and Authorization
dawod
0% (1)
Inference Controls
Document21 pages
Inference Controls
kaushalnishant64
No ratings yet
USER Access
Document1 page
USER Access
Sharada Tatapudi
No ratings yet
Advanced Concept of Fundametals of Database Systemn
Document24 pages
Advanced Concept of Fundametals of Database Systemn
Ashebir Kussito
No ratings yet
Lecture 9
Document12 pages
Lecture 9
Endash Haile
No ratings yet
Database Security Lecture
Document45 pages
Database Security Lecture
Kilbz
No ratings yet
Privacy-Preserving Mechanism For Secure Medical Data
Document4 pages
Privacy-Preserving Mechanism For Secure Medical Data
Nexgen Technology
No ratings yet
Pci DSS:: What Every Dba Needs To Know
Document6 pages
Pci DSS:: What Every Dba Needs To Know
Benijamin Hadzalic
No ratings yet
L3 Access Control Concepts
Document19 pages
L3 Access Control Concepts
Jayz Joe
No ratings yet
Module 01 - 11 Feb 2024
Document10 pages
Module 01 - 11 Feb 2024
osama4717
No ratings yet
Firewall Trusted System
Document18 pages
Firewall Trusted System
Tanvi Modi
No ratings yet
Computer Security Techniques
Document25 pages
Computer Security Techniques
Ezra muchui murungi
No ratings yet
Types of IT Audits: Information Security (Module-1)
Document30 pages
Types of IT Audits: Information Security (Module-1)
Khateeb Ahmad
No ratings yet
CA Module 19
Document26 pages
CA Module 19
Alonso Alonso
No ratings yet
Database Security and Integrity Group 3
Document52 pages
Database Security and Integrity Group 3
Jm McCall
No ratings yet
IT Access Control and User Access Management Policy - 2022
Document6 pages
IT Access Control and User Access Management Policy - 2022
JA NE JA NE
No ratings yet
Birlamedisoft: ELV Extremely Low Voltage Systems
Document56 pages
Birlamedisoft: ELV Extremely Low Voltage Systems
STANDARD EDUCATION ACADEMY M.E.P CENTER
No ratings yet
Ian Talks Hacking A-Z
From Everand
Ian Talks Hacking A-Z
Ian Eress
No ratings yet
CISA Exam-Testing Concept-Classification of Information Assets (Domain-5)
From Everand
CISA Exam-Testing Concept-Classification of Information Assets (Domain-5)
Hemang Doshi
Rating: 3 out of 5 stars
3/5 (2)
eMaintenance: Essential Electronic Tools for Efficiency
From Everand
eMaintenance: Essential Electronic Tools for Efficiency
Diego Galar
No ratings yet