Toast PCI - 9.3 Control physical access for onsite personnel to sensitive areas as follows:

Note: “Sensitive areas” refers to any data center, server room or any area that houses systems that store, process, or transmit cardholder data. This excludes public-facing areas where only point-of-sale terminals are present, such as the cashier areas in a retail store.

9.1.2 Implement physical and/or logical controls to restrict access to publicly accessible network jacks. For example, network jacks located in public areas and areas accessible to visitors could be disabled and only enabled when network access is explicitly authorized. Alternatively, processes could be implemented to ensure that visitors are escorted at all times in areas with active network jacks.
Toast will restrict access to unused network ports on networking equipment during install (plugs or tape).
It is your responsibility to ensure the security of your physical environment.

9.1.3 Restrict physical access to wireless access points, gateways, handheld devices, networking/communications hardware, and telecommunication lines.
It is your responsibility to ensure the security of your physical environment.

9.2 Develop procedures to easily distinguish between onsite personnel and visitors, to include:
• Identifying onsite personnel and visitors (for example, assigning badges)
• Changes to access requirements
• Revoking or terminating onsite personnel and expired visitor identification (such as ID badges).
You are responsible for maintaining appropriate policies and processes.

9.3 Control physical access for onsite personnel to sensitive areas as follows:
• Access must be authorized and based on individual job function.
• Access is revoked immediately upon termination, and all physical access mechanisms, such as keys, access cards, etc., are returned or disabled.
You are responsible for maintaining appropriate policies and processes.

9.4 Implement procedures to identify and authorize visitors. Procedures should include the following:

9.4.1 Visitors are authorized before entering, and escorted at all times within, areas where cardholder data is processed or maintained.
You are responsible for maintaining appropriate policies and processes.

9.4.2 Visitors are identified and given a badge or other identification that expires and that
You are responsible for maintaining appropriate policies and processes.

PCI Instruction Guide
© Toast 2018
Page 32 of 44
