PCI Requirement 9.7.1 – Properly Maintain Inventory Logs of All Media
PCI Requirement 9.7 – Maintain Strict Control Over the Storage and Accessibility of Media
PCI Requirement 9.8.1 – Shred Hard-Copy Materials so CHD Cannot be Reconstructed
PCI Requirement 7.1.1 – Define Access Needs for Each Role
PCI Requirement 9.4.1 – Visitors are Authorized Before Entering, and Escorted at all Times
PCI Requirement 9.6.1 – Classify Media so the Sensitivity of the Data Can Be Determined
PCI Requirement 10.1 – Implement Audit Trails to Link all Access to System Components
PCI Requirement 11.1 – Implement Processes to Test for the Presence of Wireless Access Points
PCI Requirement 9.5 – Physically Secure all Media
PCI Requirement 9.1.2 – Implement Physical Controls to Restrict Access to Accessible Network Jacks
PCI Requirement 9.6.2 – Send the Media by Secured Courier
PCI Requirement 10.2.1 – All Individual User Accesses to Cardholder Data
PCI Requirement 10.8.1 –Respond to Failures of Any Critical Security Controls in a Timely Manner
PCI Requirement 8.5.1 – Remote Access to Customer Premises Must Use Unique Authentication
PCI Requirement 10.8 –Implement a Process for the Detection of Failures of Critical Control Systems
PCI Requirement 9.6.3 – Ensure Management Approves All Media Moved from a Secured Area
PCI Readiness Series: Penetration Testing
PCI Requirement 7.1.2 – Restrict Access to Privileged User IDs to Least Privileges Necessary
PCI Requirement 9.5.1 – Store Media Backups in a Secure Location and Review the Location’s Security
PCI Requirement 10.7 – Retain Audit Trail History for at Least One Year, with Three Months Available
PCI Requirement 7.1.3 - Assign access based on individual personnel’s job classification & function
PCI Requirement 11.3 – Implement a Methodology for Penetration Testing
PCI Requirement 10.5.5 – Use File-Integrity Monitoring or Change-Detection Software on Logs
PCI Requirement 8.2.1 – Use Strong Cryptography to Render All Authentication Credentials Unreadable
PCI Requirement 8.1 – Define and Implement Policies and Procedures to Ensure Proper User Management