PCIDSS.COM - PCI DSS Security Solutions Directory

Category: PCI DSS Requirement 9

Restrict physical access to cardholder data.
PCI DSS Requirement 9 relates to physical security. All physical access to cardholder data within the cardholder data environment must be controlled and restricted to only those individuals who require this physical access. This covers the environments themselves, servers or systems storing, processing or transmitting sensitive cardholder data, and physical manifestations such as print-outs or reports. It should be noted that the term “onsite personnel” in Requirement 9 refers to any individual representing an organization who is physically present on the entity’s premises and who has direct physical access to cardholder data. A “visitor” refers to an individual who enters the facility for a short duration, typically not more than one day. Additionally, this type of individual is typically not directly employed by the organization but is allowed temporary access for the duration of their visit. “Media” refers to any manifestation of sensitive cardholder data stored on hardcopy (paper, receipts, reports etc.) or electronic media (servers, hard drives, portable drives etc.).
