
PCI DSS Requirement 9: Restrict physical access to cardholder data.

Any physical access to systems holding cardholder data allows individuals to access devices or data and to destroy systems or hard copies. Consequently, such access should be restricted to authorized personnel only.

"Media" refers to all cardholder data contained in paper and electronic media.

For PCI DSS Requirement 9, "on-site staff" refers to full-time and part-time employees, temporary staff, contractors and consultants who are physically present at the company's site.

A "visitor" refers to a vendor, the guest of any on-site staff member, service workers, or any other person who needs to enter the facility for a short time, usually no more than one day.

PCI DSS Requirement 9 is concerned with controlling physical access to all systems in the cardholder data environment that store, process, or transmit cardholder data. Let's take a look at the sub-requirements of Requirement 9.

PCI DSS Requirement 9.1: Use appropriate facility access controls to limit and monitor physical access to systems in the cardholder data environment.

Requirement 9.1 requires physical security audits for computer rooms, data centers and other areas containing cardholder data. Examples of physical security controls include badge readers and key-controlled access locks. In the absence of physical access controls such as badge systems and door controls, unauthorized persons may gain access to the facility to steal, disable, disrupt or destroy critical systems and cardholder data.

System consoles should also be locked when they are not in use. Locking console login screens prevents unauthorized people from accessing sensitive information, changing system configurations, introducing security vulnerabilities into the network, or destroying records.

PCI DSS Requirement 9.10: Ensure that security policies and operational procedures for restricting physical access to cardholder data are documented, in use, and known to all affected parties.
