PCI Requirement 7.3 – Document Policies & Procedures for Restricting Access to Cardholder Data
PCI Requirement 7 – Restrict Access to Cardholder Data by Business Need to Know
PCI v4.0 - 7.3.1: Have an Access Control System In Place
PCI v4.0 - 7.3.3: Access Control System Is Set to Deny All By Default
PCI v4.0 - 7.3.2: Access Control System Is Configured Correctly
PCI Requirement 7.2.3 – Default “Deny-All” Setting
PCI Requirement 3.7 Security Policies & Operational Procedures
PCI Monthly Update: October - New SAQ Review, Focused Look at Requirement 7, and Expert QSA Insights
PCI Requirement 7.2 – Establish an Access Control System
PCI Requirement 7.1.4 – Require Documented Approval by Authorized Parties
PCI Requirement 5.2 – Ensure Anti-Virus Mechanisms are Current, Perform Scans, & Generate Audit Logs
PCI Requirement 5.3 – Ensure Anti-Virus Mechanisms are Active and Can’t be Altered
PCI Requirement 12.8.4 and 12.8.5 – Monitor Service Providers’ PCI DSS Compliance Status
PCI Requirement 5.1 – Deploy Anti-Virus Software on all Commonly Affected Systems
PCI Requirement 7.1.1 – Define Access Needs for Each Role
PCI Requirement 6.2 – Ensure all Systems and Software are Protected from Known Vulnerabilities
PCI Requirement 12.5 – Assign Information Security Management Responsibilities to a Team
PCI Requirement 8.4 – Document and Communicate Authentication Policies and Procedures to All Users
Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks
PCI Requirement 12.3.5 – Acceptable Uses of the Technology
PCI Requirement 12.6.2 – Require Personnel to Read and Understand Security Policies and Procedures
ISO 27002 - Control 7.3.1 - Termination or Change of Employment Responsibilities
PCI Requirement 7.2.2 – Assignment of Privileges Based on Job Function
PCI Requirement 8.1.7 – Set Lockout Duration to a Minimum of 30 Minutes
PCI Requirement 5.1.1 – Ensure Anti-Virus Programs Detect, Remove and Protect Against Malware
