PCI Compliance Requirement 7
Objective:
This requirement ensures critical data can only be accessed by authorized personnel.
Requirement
7.1 Limit access to computing resources and cardholder information only to those individuals whose job requires such access.
The more people who have access to cardholder data, the greater the risk that a user's account will be used maliciously. Limiting access to those with a strong business reason for the access helps your organization prevent mishandling of cardholder data through inexperience or malice. Your organization should create a clear policy for data access control that defines how, and to whom, access is granted.
Networking ACLs
An Access Control List (ACL) is a set of rules applied to port numbers or network daemon names available on a host or other layer 3 device, each rule carrying a list of hosts and/or networks permitted to use that service.
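As an added illustration of the ACL model described above (example code, not part of the original document or of any PCI publication), the Python below evaluates a small, constructed host-level ACL with default deny and flags entries that permit a wider network than the job-need principle of 7.1 would justify. The "service: networks" rule format, the service names and the sample networks are assumptions.

```python
import ipaddress

# Constructed sample ACL: each line maps a port number or daemon name to the
# hosts/networks allowed to reach it. Anything not listed is denied.
SAMPLE_ACL = """
# cardholder-data database: reachable only from the application tier
5432: 10.20.1.0/24
# administrative SSH: a single jump host
sshd: 10.0.99.10/32
# example of an over-broad entry that an audit should flag
8080: 0.0.0.0/0
"""


def parse_acl(text):
    """Parse 'service: net1, net2, ...' lines into {service: [networks]}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        service, _, nets = line.partition(":")
        rules[service.strip()] = [
            ipaddress.ip_network(n.strip()) for n in nets.split(",") if n.strip()
        ]
    return rules


def is_permitted(rules, service, source_ip):
    """Default deny: unknown services and unlisted sources are refused."""
    src = ipaddress.ip_address(source_ip)
    return any(src in net for net in rules.get(service, []))


def overly_broad(rules, min_prefixlen=24):
    """Return (service, network) pairs wider than /min_prefixlen; such entries
    grant access to far more hosts than a job-need justification covers."""
    return sorted(
        (service, str(net))
        for service, nets in rules.items()
        for net in nets
        if net.prefixlen < min_prefixlen
    )


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    print(is_permitted(acl, "5432", "10.20.1.15"))   # app tier host: allowed
    print(is_permitted(acl, "5432", "10.20.2.15"))   # other subnet: denied
    print(overly_broad(acl))                         # flags the 0.0.0.0/0 entry
```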