PCI Requirement 9 – Restrict Physical Access to Cardholder Data
Learn more at https://kirkpatrickprice.com/video/pci-requirement-9-restrict-physical-access-cardholder-data/

What would happen if your organization had no physical access controls protecting cardholder data and made no effort to restrict physical access to it? No locks on the doors, no badge or identification system, no security guards, no receptionist? Without physical access controls, you give unauthorized persons a plethora of ways to potentially gain access to your facility and to steal, disable, disrupt, or destroy your critical systems and cardholder data. This is why PCI Requirement 9 requires, “Restrict physical access to cardholder data.”

PCI Requirement 9 details 28 sub-requirements to help your organization restrict physical access to cardholder data. As you learn more about PCI Requirement 9, you’ll hear a few key terms over and over again. For the purposes of this requirement, onsite personnel are defined as full-time and part-time employees, temporary employees, contractors, and consultants who are physically present on an entity’s premises. Visitors are vendors, third parties, guests of any onsite personnel, service workers, or anyone who needs to enter the facility for a short duration, usually not more than one day. Media is all paper and electronic media containing cardholder data.