PDA

View Full Version : [PCI_DSS] Requirement 7: Restrict access to cardholder data by business need-to-know

  1. 7.1 Limit access to computing resources and cardholder information only to those individuals whose job requires such access.
  2. 7.2 Establish a mechanism for systems with multiple users that restricts access based on a user's need to know, and is set to deny-all unless specifically allowed.