User Access Reviews for PCI Compliance

The Payment Card Industry Data Security Standards (PCI DSS) must be followed by any organization that processes or stores payment card information. A key tenet of the PCI standards is to restrict access to cardholder data to only those requiring access. Requirement 7 of the standard is titled:

Requirement 7: Restrict access to cardholder data by business need to know

Specifically, Requirement 7 contains two sub-requirements that limit access to cardholder data:

7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access.

7.2 Establish an access control system(s) for systems components that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed.

Both of those requirements focus on knowing who has access to what and ensuring that access is appropriate. Access Auditor helps companies by maintaining an access rights warehouse that provides instant reports on access to cardholder data. Periodic reviews of access rights (user entitlement reviews) can be started with the push of a button. In addition, real-time reviews will initiate a user entitlement review whenever sensitive access is changed and new access is discovered.

WHAT OUR CUSTOMERS ARE SAYING

Access Auditor allowed us to move away from a labor-intensive manual process to an automated process that has saved us many labor hours.

— Michael Lavorel, Executive Director of Information Resources Technology, Children’s National Medical Center

NEXT STEPS

Schedule a demo to learn how you can automate your user access reviews in under one week.