PCIDSS.COM - PCI DSS Security Solutions Directory

Category: PCI DSS Requirement 9

Restrict Physical Access to Cardholder Data

Any physical access to cardholder data, or to systems that store, process, or transmit cardholder data, gives individuals the opportunity to access or remove systems or hardcopies containing cardholder data. Consequently, appropriate restrictions should be placed on physical access.

In Requirement 9, three distinct areas are mentioned:

  1. Requirements that specifically address sensitive areas are intended to apply only to those areas.
  2. Requirements that specifically address the CDE are intended to apply to the CDE as a whole, including its sensitive areas.
  3. Requirements that specifically refer to the facility address the kinds of controls that can be managed more broadly at the physical boundary of a business premise (such as a building) where CDEs and sensitive areas reside. These controls frequently exist outside of a CDE or sensitive area; a guard desk that identifies, badges, and records visitors is one example. The term “facility” is used to indicate that these controls may be present at various locations within a facility, such as the entrance to a building or an internal entrance to an office or data center.

PCI Solution Provider

Aruba

Aruba WLANs are architected with multiple levels of protection to meet today's stringent security requirements. With Aruba, organizations gain a…


PCI Solution Provider

Aruba networks

Aruba WLANs are architected with multiple levels of protection to meet today's stringent security requirements. With Aruba, organizations gain a…


PCI Solution Provider

Vocalcom

Vocalcom was founded on the principle of simple design, providing solutions that are easy for agents and customers to use.…


Location
USA1 Boston Way 37th Floor Boston, MA 02108