PCI DSS REQUIREMENT 7 | RESTRICT ACCESS TO CARDHOLDER DATA | SAMPLE PCI COMPLIANCE POLICIES, PROCEDURES, TEMPLATES
PCI Requirement 7, “Restrict access to cardholder data by need to know”, is yet another area that calls for PCI compliance policies, procedure, and templates, as this “requirement” relates to limiting access to critical data on a “need to know” basis only. One of the very best ways to achieve this is by incorporating Role Based Access Control – simply known as RBAC – whereby privileges and rights for accessing systems are assigned to individuals based on specific job classifications and functions. And a large part of Requirement 7 calls for “confirming” and “examining” systems for ensuring they’re meeting the stated PCI guideline, such as the following:
• Access rights for privileged users are restricted to least privileges necessary to perform job responsibilities.
• Privileges are assigned to individuals based on job classification and function, such as Role Based Access Control (RBAC).
• An authorization form is required for all access, which must specify required privileges, and it must be signed by management.
• Access controls are implemented via an automated access control system.
• Access control systems are in place on all system components.
• Access control systems are configured to enforce privileges assigned to individuals based on job classification and function.
• Access control systems have a “deny all” setting.
Sample PCI Policies, Procedures, Templates for SAQ A – D, P2PE-HW, and Onsite Assessments
One of the very best ways to documents the above requirements, and in turn, comply with PCI is having PCI compliance policies, procedures, and templates in place, such as those offered by pcipolicyportal.com. pcipolicyportal.com offers both merchants and service providers policy documentation that maps directly to each of the following PCI compliance programs for self-assessments and onsite assessments by a PCI-QSA:
• SAQ A for Merchants
• SAQ B for Merchants
• SAQ C for Merchants
• SAQ C-VT for Merchants
• SAQ D for Merchants and Service Providers
• SAQ P2PE-HW for Merchants
• Onsite Assessments by PCI-QSA for Merchants and Service Providers
Purchase and immediately download your PCI Policies Packet today for SAQ A, B, C, C-VT, D, P2PE-HW, and Level 1 onsite assessments.
Policy and Procedure Writing Experts | Join us for Free PCI Webinars | Get Compliant Today
So trust the experts at pcipolicyportal.com for sample PCI compliance policies, procedure, templates, and other supporting documentation. Providing policy documentation specific to each of the above reporting requirements gives you piece of mind in knowing you’re getting exactly what you need. Learn more about our policy and procedure writing services, the PCI certification process for both the Self-Assessment Questionnaires (SAQ A – D), and Level 1 onsite assessments, along with the need for sample PCI compliance policies, procedures, and templates for compliance. Additionally, join us for free PCI training webinars to learn more about compliance with the Payment Card Industry Data Security Standards (PCI DSS).