PCI Requirement 9.5 – Physically Secure all Media
PCI Requirement 9.5.1 – Store Media Backups in a Secure Location and Review the Location’s Security
PCI v4.0 - 9.5.1: Point-of-Interaction Devices Are Protected
PCI v4.0 - 9.5.1.2 & 9.5.1.2.1: Periodically Inspect Point-of-Interaction Devices
PCI v4.0 - 9.5.1.3: Provide Training for Personnel in Point-of-Interaction Environments
PCI Requirement 9 – Restrict Physical Access to Cardholder Data
PCI Requirement 9.9.2 – Periodically Inspect Device Surfaces to Detect Tampering or Substitution
PCI Requirement 9.6.1 – Classify Media so the Sensitivity of the Data Can Be Determined
PCI Requirement 9.9.3 – Provide Training for Personnel to Be Aware of Attempted Tampering of Devices
PCI Requirement 12.5 – Assign Information Security Management Responsibilities to a Team
PCI Requirement 9.7 – Maintain Strict Control Over the Storage and Accessibility of Media
PCI Requirement 12.8.4 and 12.8.5 – Monitor Service Providers’ PCI DSS Compliance Status
PCI Requirement 9.9 – Protect Devices That Capture Payment Card Data via Direct Physical Interaction
PCI Requirement 9.8.1 – Shred Hard-Copy Materials so CHD Cannot be Reconstructed
PCI Requirement 9.8 – Destroy Media When it is no Longer Needed
PCI Requirement 9.7.1 – Properly Maintain Inventory Logs of All Media
PCI Requirement 11.1 – Implement Processes to Test for the Presence of Wireless Access Points
PCI Requirement 12.10.1 – Create the Incident Response Plan to Be Implemented
PCI Requirement 9.6.2 – Send the Media by Secured Courier
PCI Requirement 9.1.2 – Implement Physical Controls to Restrict Access to Accessible Network Jacks
