PCI 9:: Difference between revisions
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 22: | Line 22: | ||
:'''PCI-9.3 Use appropriate facility entry controls to limit and monitor physical access to systems that store, process, or transmit cardholder data.'''<br> | :'''PCI-9.3 Use appropriate facility entry controls to limit and monitor physical access to systems that store, process, or transmit cardholder data.'''<br> | ||
<br> | <br> | ||
:*'''Make sure all visitors are:''' | |||
<br> | <br> | ||
::[[Image:Key-control.jpg]][[PCI-9.3.1:|PCI-9.3.1 Authorized before entering areas where cardholder data is processed or maintained.]]<br> | ::[[Image:Key-control.jpg]][[PCI-9.3.1:|PCI-9.3.1 Authorized before entering areas where cardholder data is processed or maintained.]]<br> |
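Review bot: The added bullet ":*'''Make sure all visitors are:'''" sits under the PCI-9.3 line, whose wording in the unchanged context ("Use appropriate facility entry controls to limit and monitor physical access...") is identical to the PCI-9.1 text in the rendered revision. As a result the visitor list that starts with PCI-9.3.1 hangs off a heading that reads as a copy of 9.1 and says nothing about visitors. Suggest checking the PCI-9.3 heading text against the standard in the same edit, so that the new bullet and its sub-items follow a heading that matches them.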
Latest revision as of 15:30, 1 March 2007
Requirement 9: Restrict physical access to cardholder data.
- Any physical access to data or systems that house cardholder data allows the opportunity to access devices or data, and remove systems or hardcopies, and should be appropriately restricted.
- PCI-9.1 Use appropriate facility entry controls to limit and monitor physical access to systems that store, process, or transmit cardholder data.
- PCI-9.2 Develop procedures to help all personnel easily distinguish between employees and visitors, especially in areas where cardholder information is accessible. “Employee” refers to full-time and part-time employees, temporary employees/personnel, and consultants who are “resident” on the entity’s site. A “visitor” is defined as a vendor, guest of an employee, service personnel, or anyone who needs to enter the facility for a short duration, usually not more than one day.
- PCI-9.3 Use appropriate facility entry controls to limit and monitor physical access to systems that store, process, or transmit cardholder data.
- Make sure all visitors are:
- PCI-9.7 Maintain strict control over the internal or external distribution of any kind of media that contains cardholder information.
- PCI-9.9 Maintain strict control over the storage and accessibility of media that contains cardholder information:
- PCI-9.10 Destroy media containing cardholder information when it is no longer needed for business or legal reasons:
--Mdpeters 12:57, 7 July 2006 (EDT)