PCI DSS: Restricting Access to Cardholder Data

Requirements 7, 8 & 9 of PCI DSS version 3.2.1 fall under the goal Implement Strong Access Control Measures, covering logical and physical access to cardholder data. You'll understand what each requirement asks for and discover practical guidance from experienced PCI assessors.
Course info
Level
Intermediate
Updated
Dec 16, 2019
Duration
2h 8m
Table of contents
Course Overview
Requirement 7: Restrict Access to Cardholder Data
Requirement 8: Assign a Unique ID to Each Person with Computer Access
Requirement 9: Restrict Physical Access to Cardholder Data
Requirement 9.9: Security for Point of Sale Devices
Description

The key to achieving PCI DSS compliance is a thorough knowledge of each of the sub-requirements and how they will be assessed. In this course, PCI DSS: Restricting Access to Cardholder Data, you’ll learn how to interpret PCI DSS requirements 7, 8 & 9, and apply them to your organization. First, you’ll learn how PCI DSS expects access to be role-based and grounded in least privilege and need to know. Next, you’ll explore the long and prescriptive requirements about usernames, passwords and multi-factor authentication. Then you’ll take a look at the requirements related to the protection of cardholder data in physical format: written on paper and saved to electronic media. Finally, you’ll discover practical insights about these requirements from experienced PCI assessors. When you’ve finished with this course, you will have the skills and knowledge to apply PCI DSS requirements 7, 8 and 9 to any organization’s environment and to determine whether it is compliant with the demands of the standard.

About the author

John Elliott is a data protection specialist. He helps organizations comply with regulations in a sensible and pragmatic way, balancing business needs, risk and regulations.

About the author

Jacob Ansari worked on Pluralsight courses that cover the topic of PCI DSS Standards.

Section Introduction Transcripts

Course Overview
[Autogenerated] Hello. My name is John Elliott. Welcome to the course PCI DSS: Restricting Access to Cardholder Data. In this course, I bring together the theoretical knowledge of PCI DSS requirements 7, 8 and 9 along with practical experience of how the standard really works. And I'm Jacob Ansari. I'm a Qualified Security Assessor, or QSA, with Shellman and Company, and I'm qualified to assess many of the PCI standards, including PCI DSS, PA-DSS and P T. P. I've been an assessor for 14 years and have been doing this since the predecessor standards to PCI DSS. In this course, we will cover the authorization and authentication related requirements of PCI DSS. So that's things like least privilege, access control, passwords and multi-factor authentication, as well as looking at logical access controls. We're going to find out about the physical security requirements in DSS, ranging from simple things such as visitor control in secure buildings to how to prevent skimming and tampering attacks against devices that read payment cards. For each PCI DSS requirement, I'm going to cover what the standard says, what it means and what will be assessed by a QSA. Then Jacob and I will discuss some of the key practical aspects of getting compliance and being assessed. Ideally, you'll already understand the basics of payment card processing and PCI DSS. But if you just want to get to grips with the requirement, you'll be able to jump straight in with no problems. By the end of this course, we'll have a great understanding of both the theory and the practice to help you restrict access to cardholder data following the PCI DSS requirements. We do hope you'll join us to learn the theory and practice behind PCI DSS requirements 7, 8 and 9 with the PCI DSS: Restricting Access to Cardholder Data course here at Pluralsight.