PCIDSS.COM - PCI DSS Security Solutions Directory

Category: PCI DSS Requirement 7

Restrict access to cardholder data by business need to know.
All systems within the Cardholder Data Environment should have access control configured sufficiently to ensure that only authorized internal individuals have access to the environment, systems and sensitive cardholder data. All other access by non-authorized individuals must be denied. The access control must be granular and linked directly to established job roles and responsibilities. The core information security concepts of “need to know” and “least privilege” are key here.
“Need to know” is when access rights are granted to only the least amount of data and privileges needed to perform a job.

PCI Solution Provider


Privacy, it’s an issue that concerns businesses and their customers. In our digital age, maintaining privacy has become even more…


Global PCI DSS Solutions
PCI Solution Provider


Every day, companies like these use CallGuard to stop cardholder data being stored on call recordings or displayed to agents.

