User Access Reviews for PCI

PCI Compliance Requires Regular User Access Reviews

The Payment Card Industry Data Security Standard (PCI DSS) must be followed by any organization that processes or stores payment card information. A key tenet of the standard is to restrict access to cardholder data to only those who require it. Requirement 7 of the standard is titled:

Requirement 7: Restrict access to cardholder data by business need to know

Specifically, Requirement 7 has two sub-requirements for limiting access to cardholder data:

7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access.

7.2 Establish an access control system(s) for systems components that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed.

Both of those requirements focus on knowing who has access to what and ensuring that the access is appropriate. Access Auditor helps companies by maintaining an access rights warehouse that provides instant reports on access to cardholder data. Periodic reviews of access rights (user entitlement reviews) can be started with the push of a button. In addition, real-time reviews will initiate a user entitlement review whenever sensitive access is changed and new access is discovered.

Access Auditor allowed us to move away from a labor-intensive manual process to an automated process that has saved us many labor hours.

Michael Lavorel, Executive Director of Information Resources Technology, Children’s National Medical Center