top of page
< Back

7.2 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID

PCI DSS

(v3.2.1)

7.2

Requirement 7: Restrict access to cardholder data by business need to know

(v3.2.1)

Establish an access control system(s) for systems components that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed.
This access control system(s) must include the following:

bottom of page