PCI Requirement 9.8.2 – Render CHD on Electronic Media Unrecoverable
PCI Requirement 9.8 – Destroy Media When it is no Longer Needed
PCI Requirement 9.9.2 – Periodically Inspect Device Surfaces to Detect Tampering or Substitution
PCI Requirement 9.6.2 – Send the Media by Secured Courier
PCI Requirement 9.9.3 – Provide Training for Personnel to Be Aware of Attempted Tampering of Devices
PCI Requirement 9.9.1 – Maintain an Up-To-Date List of Devices
PCI Requirement 9.6.3 – Ensure Management Approves All Media Moved from a Secured Area
PCI Requirement 9.6.1 – Classify Media so the Sensitivity of the Data Can Be Determined
PCI Requirement 12.3.1 – Explicit Approval by Authorized Parties
PCI Requirement 12.8.4 and 12.8.5 – Monitor Service Providers’ PCI DSS Compliance Status
PCI Requirement 7.1.2 – Restrict Access to Privileged User IDs to Least Privileges Necessary
PCI Requirement 9.5.1 – Store Media Backups in a Secure Location and Review the Location’s Security
PCI Requirement 9.7.1 – Properly Maintain Inventory Logs of All Media
PCI Requirement 7.2.3 – Default “Deny-All” Setting
PCI Requirement 10.8 –Implement a Process for the Detection of Failures of Critical Control Systems
PCI Requirement 12.8 – Maintain Policies and Procedures to Manage Service Providers
PCI Requirement 12.4 – Ensure Security Policies & Procedures Define Responsibilities for All
PCI DSS 3.2: Req. 10.8 and 10.8.1
PCI Requirement 12.3.5 – Acceptable Uses of the Technology
PCI Requirement 12.3.3 – A List of All Such Devices and Personnel with Access
