PCI Requirement 7.1.4 – Require Documented Approval by Authorized Parties
PCI Requirement 7 – Restrict Access to Cardholder Data by Business Need to Know
PCI Requirement 7.1.1 – Define Access Needs for Each Role
PCI Requirement 7.1.3 - Assign access based on individual personnel’s job classification & function
PCI Requirement 7.1.2 – Restrict Access to Privileged User IDs to Least Privileges Necessary
PCI Requirement 7.2.1 – Coverage of all System Components
PCI Requirement 5.1 – Deploy Anti-Virus Software on all Commonly Affected Systems
PCI Requirement 11.4 – Use Intrusion-Detection and/or Intrusion-Prevention Techniques
PCI Requirement 7.3 – Document Policies & Procedures for Restricting Access to Cardholder Data
PCI Requirement 7.2 – Establish an Access Control System
PCI Requirement 10.4.1 – Critical Systems Have the Correct and Consistent Time
PCI Requirement 8.4 – Document and Communicate Authentication Policies and Procedures to All Users
PCI Requirement 11.3.2 – Perform Internal Penetration Testing at Least Annually
PCI Requirement 10.7 – Retain Audit Trail History for at Least One Year, with Three Months Available
PCI Requirement 9.7.1 – Properly Maintain Inventory Logs of All Media
PCI Requirement 8.8 – Ensure Policies & Procedures for Authentication are Documented
PCI Requirement 12.3.2 – Authentication for Use of the Technology
PCI Requirement 9.4.1 – Visitors are Authorized Before Entering, and Escorted at all Times
PCI Requirement 10.9 – Document Policies & Procedures for Monitoring Access to Network Resources
PCI Requirement 12.3.1 – Explicit Approval by Authorized Parties
