127
InformatIon SecurIty PolIcy DeveloPment for comPlIance
Requir e ment 7—Restrict Access to Cardholder Data by Bu siness
Nee
d
to Kn
ow
7.1 Limit access to system components and cardholder data to only
those individuals whose job requires such access. Access limitations
must include the following:
7.1.1
Res
triction of access rights to privileged user IDs to least
privileges necessary to perform job responsibilities
7.1.2
Ass
ignment of privileges based on individual personnel’s
job classication and function
7.1.3
Req
uirement for a documented approval by authorized
parties specifying required privileges
7.1.4
Imp
lementation of an automated access control system
7.2 Establish an access control system for systems components with
multiple user ...