Requirement 7: Restrict access to cardholder data by business need-to-know
This requirement ensures that sensitive data is accessed in an authorized manner. The following table lists the specific sub-requirements in Requirement 7 that are addressed by TIBCO LogLogic® Compliance Suite - PCI Edition.
Requirement 7 | Restrict aces to cardholder data by business ned-to-know |
---|---|
7.1 | Limit access to computing resources and cardholder information only to those individuals whose job requires such access |
7.2 | Establish a mechanism for systems with multiple users that restricts access based on a user’s need to know and is set to “deny all” unless specifically allowed |
7.3 | Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties. Update: v3.0 November 2013. |
Copyright © Cloud Software Group, Inc. All rights reserved.