top of page
< Back

9.3 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Requirement 9: Restrict physical access to cardholder data


Control physical access for onsite personnel to sensitive areas as follows:
• Access must be authorized and based on individual job function.
• Access is revoked immediately upon termination, and all physical access mechanisms, such as keys, access cards, etc., are returned or disabled.

bottom of page