Compass IT Compliance Blog

PCI Requirement 9 – Lock the Doors and Don’t Forget the Windows Too!

This is the ninth blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through this process. To view the previous posts in this series, click on the appropriate links below:  

PCI Requirement 1 - Defending the Wall

PCI Requirement 2 - Change Your Defaults!

PCI Requirement 3 - Don't Store Cardholder Data!

PCI Requirement 4 - Hide in Plain Sight!

PCI Requirement 5 - Update and Scan

PCI Requirement 6 - Patches and Scanning and Coding, Oh My!!

PCI Requirement 7 - Thou Shall Not Pass!

PCI Requirement 8 - Identify, Authenticate, and Authorize

PCI Requirement 9 - Restrict Physical Access to Cardholder Data

The NIST Cybersecurity Framework - The Recover Function

PCI Requirement 8 - Identify, Authenticate, and Authorize!!

This is the eighth blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through this process. To view the previous blog posts in this series, please follow the links below:

PCI Requirement 1 - Defending the Wall

PCI Requirement 2 - Change Your Defaults!

PCI Requirement 3 - Don't Store Cardholder Data!

PCI Requirement 4 - Hide in Plain Sight!

PCI Requirement 5 - Update and Scan

PCI Requirement 6 - Patches and Scanning and Coding, Oh My!!

PCI Requirement 7 - Thou Shall Not Pass!

PCI requirement 8: Identify and authenticate access to system components

PCI Requirement 7 - Thou Shall Not Pass!

This is the seventh blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through this process. For links to the previous posts in this series, use the links below:

PCI Requirement 1 - Defending the Wall

PCI Requirement 2 - Change Your Defaults!

PCI Requirement 3 - Don't Store Cardholder Data!

PCI Requirement 4 - Hide in Plain Sight!

PCI Requirement 5 - Update and Scan

PCI Requirement 6 - Patches and Scanning and Coding, Oh My!

PCI Requirement 7: Restrict access to cardholder data by business need to know

Requirement 7 kicks off the access control portion of your PCI Compliance program. There are some fundamentals that need to be covered before we dig into the challenges companies face. The two principles related to access controls that we are going to cover are:

Defending From Within

Hackers, ransomware, and denial-of-service attacks get all of the attention when it comes to information security. However, you will quite often hear IT security personnel state that the biggest threat to an organization is from within. With this in mind, if an organization's biggest threat is its own employees, what can the organization do to mitigate the risks associated with those employees?