PCI 7:

Requirement 7: Restrict access to data by business need-to-know.

• This ensures critical data can only be accessed in an authorized manner.

PCI-7.1 Limit access to computing resources and cardholder information to only those individuals whose job requires such access.

PCI-7.2 Establish a mechanism for systems with multiple users that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed.

--Mdpeters 12:47, 7 July 2006 (EDT)