
Timeline for PCI DSS 4.0: The Ninth Requirement and Physical Access Security


When thinking about cybersecurity, many stakeholders outside the industry will rarely consider the physical systems supporting digital information. And yet, almost any security framework worth its salt will have some provision for securing physical systems and environments. PCI DSS 4.0 is no different, and the ninth requirement is dedicated to just this topic.

This article will discuss this requirement and exactly what it means to approach the physical security of systems containing cardholder data in compliance with PCI DSS.

 

What Is Physical Security in Cyber Defense?

When we think of hackers, we often think of faceless attackers online or behind email phishing campaigns, trying to compromise authentication or network security. However, many successful attacks will come from insider threats (especially when internal personnel aren’t adequately monitored) or old-fashioned social engineering. There have been many cases where entire systems were compromised simply because a laptop with user credentials was stolen from a public space.

Physical security includes some of the following measures and controls:

 

What Is the Ninth Requirement for PCI DSS 4.0?

Covering physical security, the ninth requirement details how organizations utilizing cardholder data must secure any physical space where that information, or IT infrastructure holding that information, is maintained.

9.1 – Processes and Mechanisms for Restricting Physical Access to Cardholder Data

 

9.2 – Physical Access Controls Manage Entry into Facilities

 

9.3 – Physical Access for Personnel and Visitors

 

9.4 – Media with Cardholder Data is Secured

 

9.5 – Point of Interaction Devices are Protected from Tampering

 

Prepare for PCI DSS 4.0 with Lazarus Alliance

As we dig into the requirements of PCI DSS, you will see the increasing complexity and interoperability of the different technologies, policies, and practices you’ll need to deploy to receive PCI verification and maintain compliance. These practices aren’t just to complete a checklist, however; they are tried-and-true security practices that will help support your security efforts ten years from now.

 

Are You Thinking Ahead for PCI DSS 4.0?

Call Lazarus Alliance at 1-888-896-7580 or fill in this form.
