| ๐ผ 7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access. | 4 | | | |
| ย ย ย ย ๐ผ 7.1.1 Define access needs for each role. | | | | |
| ย ย ย ย ๐ผ 7.1.2 Restrict access to privileged user IDs to least privileges necessary to perform job responsibilities. | | | | |
| ย ย ย ย ๐ผ 7.1.3 Assign access based on individual personnel's job classification and function. | | | | |
| ย ย ย ย ๐ผ 7.1.4 Require documented approval by authorized parties specifying required privileges. | | | | |
| ๐ผ 7.2 Establish an access control system(s) for systems components that restricts access based on a user's need to know, and is set to โdeny allโ unless specifically allowed. | 3 | | | |
| ย ย ย ย ๐ผ 7.2.1 Coverage of all system components. | | | 5 | |
| ย ย ย ย ๐ผ 7.2.2 Assignment of privileges to individuals based on job classification and function. | | | | |
| ย ย ย ย ๐ผ 7.2.3 Default โdeny-allโ setting. | | | | |
| ๐ผ 7.3 Ensure that security policies and operational procedures for restricting access to cardholder data are documented, in use, and known to all affected parties. | | | | |