top of page
9.3 PCI DSS (v3.2.1)
Compliance Standard
Compliance Version
Control ID
PCI DSS
(v3.2.1)
9.3
Requirement 9: Restrict physical access to cardholder data
(v3.2.1)
Control physical access for onsite personnel to sensitive areas as follows:
• Access must be authorized and based on individual job function.
• Access is revoked immediately upon termination, and all physical access mechanisms, such as keys, access cards, etc., are returned or disabled.
bottom of page