
	Home > Security Video Library > PCI compliance requirement 7: Restrict access

PCI compliance requirement 7: Restrict access:

EMAIL THIS

PCI compliance requirement 7: Restrict access

DATE: 01 Jun 2009

Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 7: "Restrict access to cardholder data by business need-to-know." To meet PCI compliance requirement 7, you must:

Have a policy and dcoumented processes that limit who can have access to cardholder data
Have systems that enforce the policy

The compliance duo addresses common questions related to PCI compliance requirement 7, like "Do we need an automated access control system?"

Watch the rest of the PCI compliance videos, as Ed and Diana review each particular requirement.

Editor's note: This video is based on PCI DSS version 1.1. For updated information on the changes in PCI DSS version 1.2, see the following:


More on PCI Data Security Standard

			PCI compliance requirement 12: Policy VIDEO - To pass the Payment Card Industry Data Security Standard, particularly Requirement 12, it's important that you maintain a body of policy or documentation of how you will address ... ( Jun 01, 2009 )


			PCI compliance requirement 11: Testing VIDEO - PCI Requirement 11 is a popular one, according to Diana Kelley. Learn why in this instructional video. ( Jun 01, 2009 )


			PCI compliance requirement 10: Auditing VIDEO - Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 10: "Track and monitor all access to network resources and cardholder data." ( Jun 01, 2009 )


	PCI tokenization push promising but premature, experts ... ARTICLE - Merchants see value in the technology helping to reduce the scope of a PCI assessment, but a lack of standards and complexity issues are a cause for concern. ( Mar 04, 2010 )


	PCI compliance requirements affect IT risk assessments TIP - In this chapter excerpt, Dr. Anton Chuvakin and Branden Williams discuss how to best approach PCI compliance requirements in your organization. ( Feb 22, 2010 )


	New data protection laws MAGAZINE FEATURE - Massachusetts 201 CMR 17.00 and Nevada's data protection law establish new standards for personal data protection ( Feb 02, 2010 )


	No major PCI DSS revision expected in 2010 ARTICLE - The next revision of PCI DSS will contain clarifications, but no major revisions, according to Bob Russo, general manager of the PCI Security Standards Council. ( Jan 27, 2010 )


	PCI QSAs, certifications to get new scrutiny ARTICLE - The PCI Security Standards Council now has a team of five reviewing PCI assessments for inconsistencies and has increased funding for its QSA oversight program. ( Jan 26, 2010 )

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2010, TechTarget \| Read our Privacy Policy