PCI Requirement 7.2.3 – Default “Deny-All” Setting
PCI v4.0 - 7.2.3: Access Privileges Are Granted by Authorized Personnel
PCI Requirement 7 – Restrict Access to Cardholder Data by Business Need to Know
PCI Requirement 7.3 – Document Policies & Procedures for Restricting Access to Cardholder Data
PCI Requirement 7.1.3 - Assign access based on individual personnel’s job classification & function
PCI Requirement 7.2.2 – Assignment of Privileges Based on Job Function
PCI Requirement 12.3.7 – List of Company-Approved Products
PCI Requirement 7.1.4 – Require Documented Approval by Authorized Parties
PCI Requirement 7.1 – Limit Access to System Components and Cardholder Data
PCI Requirement 2.2.5 - Remove all Unnecessary Functionality
PCI Requirement 7.1.2 – Restrict Access to Privileged User IDs to Least Privileges Necessary
PCI Requirement 5.2 – Ensure Anti-Virus Mechanisms are Current, Perform Scans, & Generate Audit Logs
PCI Requirement 5.1 – Deploy Anti-Virus Software on all Commonly Affected Systems
PCI Requirement 7.1.1 – Define Access Needs for Each Role
PCI Requirement 10.2 – Implement Automated Audit Trails for all System Components
PCI DSS Requirement 1.1.5 Defining Roles and Responsibilities for Managing Network Components
PCI DSS 3.2: Req. 10.8 and 10.8.1
PCI Requirement 5.4 – Ensure Security Policies and Procedures are Known to all Affected Parties
PCI DSS Requirement 1.2.1 Restrict Traffic to that which is Necessary
PCI Requirement 5.1.1 – Ensure Anti-Virus Programs Detect, Remove and Protect Against Malware
PCI Requirement 9.1 – Use Facility Entry Controls to Limit Physical Access to CDE
How PCI is bad for small business
ISO 27002 - Control 7.3.1 - Termination or Change of Employment Responsibilities
Ensure Proper Data Destruction and Disposal
Data Use, Retention, and Disposal