PCI Requirement 8.7 – Restrict All Access to Any Database Containing Cardholder Data
The PCI Compliant Database
PCI Requirement 9.7.1 – Properly Maintain Inventory Logs of All Media
PCI Requirement 8.6 – Authentication Mechanisms Must Not Be Shared Among Multiple Accounts
PCI Requirement 10.8.1 – Respond to Failures of Any Critical Security Controls in a Timely Manner
PCI Requirement 8.1.7 – Set Lockout Duration to a Minimum of 30 Minutes
PCI Requirement 12.3.7 – List of Company-Approved Products
PCI Requirement 8.8 – Ensure Policies & Procedures for Authentication are Documented
PCI Requirement 10.8 – Implement a Process for the Detection of Failures of Critical Control Systems
PCI Requirement 8.2.3 – Passwords Require a Min. of Seven Characters and Contain Numbers & Letters
PCI Requirement 8.1.2 – Control Addition, Deletion, and Modification of User IDs, Credentials
PCI Requirement 11.4 – Use Intrusion-Detection and/or Intrusion-Prevention Techniques
PCI Requirement 8.2.6 – Set Passwords for First-Time Use and Upon Reset to a Unique Value
PCI Requirement 11.1 – Implement Processes to Test for the Presence of Wireless Access Points
Establishing the Scope of your Cardholder Data Environment
PCI Requirement 7.1.3 – Assign Access Based on Individual Personnel’s Job Classification & Function
PCI Requirement 9 – Restrict Physical Access to Cardholder Data
PCI Requirement 10.2.5 – Use of and Changes to Identification Accounts with Root Privileges
PCI Requirement 8.3.1 – Incorporate Multi-Factor Authentication for All Non-Console Access
PCI Requirement 8.1 – Define and Implement Policies and Procedures to Ensure Proper User Management