PCI Requirement 12.3.5 – Acceptable Uses of the Technology
PCI Requirement 12.3.6 – Acceptable Network Locations for the Technologies
PCI Requirement 12.3 – Develop Usage Policies for Critical Technologies
PCI Requirement 12.3.10 – Prohibit the Moving of Cardholder Data onto Local Hard Drives
PCI Requirement 12.3.2 – Authentication for Use of the Technology
PCI Requirement 12.5.3 – Establish Security Incident Response and Escalation Procedures
PCI Requirement 12.5.5 – Monitor and Control All Access to Data
PCI Requirement 12.8.4 and 12.8.5 – Monitor Service Providers’ PCI DSS Compliance Status
PCI Requirement 12.5.4 – Administer User Accounts, Including Additions, Deletions, and Modifications
PCI Requirement 5.3 – Ensure Anti-Virus Mechanisms are Active and Can’t be Altered
PCI Requirement 7.3 – Document Policies & Procedures for Restricting Access to Cardholder Data
PCI Requirement 5.1.1 – Ensure Anti-Virus Programs Detect, Remove and Protect Against Malware
PCI Requirement 8.4 – Document and Communicate Authentication Policies and Procedures to All Users
PCI Requirement 12.4 – Ensure Security Policies & Procedures Define Responsibilities for All
PCI Requirement 12.9 – Service Providers are Responsible for the Security of Cardholder Data
Acceptable use policies
PCI Requirement 12.8.3 – Ensure there is an Established Process for Engaging Service Providers
PCI Requirement 9.8 – Destroy Media When it is no Longer Needed
PCI Requirement 9.8.1 – Shred Hard-Copy Materials so CHD Cannot be Reconstructed
PCI Requirement 9.9.3 – Provide Training for Personnel to Be Aware of Attempted Tampering of Devices
