top of page
< Back

7.2 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Requirement 7: Restrict access to cardholder data by business need to know


Establish an access control system(s) for systems components that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed.
This access control system(s) must include the following:

bottom of page