A retail merchant has a server room containing systems that store encrypted PAN data. The merchant has implemented a badge access-control system that identifies who entered and exited the room, on what date, and at what time. There are no video cameras located in the server room. Based on this information, which statement is true regarding PCI DSS physical security requirements?
Physical Security Requirements:
PCI DSS Requirement 9.1.1 mandates that physical access control systems (like badge readers) must be protected against tampering or disabling to ensure continuous security.
Current Implementation:
The merchant's badge access-control system provides essential logging of access events but must also be protected against tampering to comply with PCI DSS.
Invalid Options:
B: Video cameras are recommended but not explicitly required if access controls effectively ensure security.
C: Secure deletion of access-control logs is not a PCI DSS requirement; logs must be retained as per retention policies.
D: Motion-sensing alarms are not mandatory under PCI DSS physical security requirements.