Auditor Tips: Requirement 7: Restrict Access

Cardholder data and card systems should only be accessible to those who need that information to do their jobs. Once you’ve implemented access privileges, make sure to document them.

Michael Ohran

This article was taken from our PCI Guide. For more information on this topic, download our free PCI Guide.

This requirement is one of the oldest and most basic parts of the PCI DSS (and data security in general).

There’s no new trend or solution here. Yet not all organizations comply accurately with this requirement, and some have never tried role-based access at all.

This is all you need to know: don’t give access to people who don’t need it. Cardholder data and card systems should only be accessible to those who need that information to do their jobs. Once you’ve implemented access privileges, make sure to document them.

PCI DSS v4.0 Considerations for Requirement 7

PCI DSS 4.0 raises the expectations for managing user accounts, system accounts, and access privileges, and more frequent access reviews are required. Prepare for the new requirements by thoroughly documenting all accounts and their related access privileges.
