Sample PCI-DSS Policy Part 4: Access to Cardholder Data « PCI DSS Guru

27

Jul/08

Sample PCI-DSS Policy Part 4: Access to Cardholder Data

by Mark under Policy

Want a Word document copy of the entire policy template? Sign up for the PCI DSS Guru newsletter and receive a free copy that you can edit and use in your organization!

(7.1) Procedures for data control must be maintained by each department and must incorporate the following:

Access rights to privileged User IDs are restricted to least privileges necessary to perform job responsibilities
Assignment of privileges is based on individual personnel’s job classification and function
Requirement for an authorization form signed by management that specifies required privileges
Implementation of an automated access control system

No tags

1 Comment for this entry

JS
February 24th, 2009 on 10:39 am
Does Active Directory meet the automated access control system requirement?

1 Trackback or Pingback for this entry

A Sample Policy for PCI-DSS | dcvizcayno
November 21st, 2011 on 12:23 am
[...] Access to Cardholder Data [...]

Leave a Reply

RSS feed for this post (comments) · TrackBack URI

PCI Compliance Guide

Search

Categories

Copyright © 1996-2010 PCI DSS Guru. All rights reserved.