💼 9.4 Media with cardholder data is securely stored, accessed, distributed, and destroyed.

• Contextual name: 💼 9.4 Media with cardholder data is securely stored, accessed, distributed, and destroyed.

• ID: /frameworks/pci-dss-v4.0.1/09/04

• Located in: 💼 9 Restrict Physical Access to Cardholder Data

Description

Empty...

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 9.4.1 All media with cardholder data is physically secured.	2
💼 9.4.1.1 Offline media backups with cardholder data are stored in a secure location.
💼 9.4.1.2 The security of the offline media backup location(s) with cardholder data is reviewed at least once every 12 months.
💼 9.4.2 All media with cardholder data is classified in accordance with the sensitivity of the data.
💼 9.4.3 Media with cardholder data sent outside the facility is secured.
💼 9.4.4 Management approves all media with cardholder data that is moved outside the facility.
💼 9.4.5 Inventory logs of all electronic media with cardholder data are maintained.	1		6
💼 9.4.5.1 Inventories of electronic media with cardholder data are conducted at least once every 12 months.
💼 9.4.6 Hard-copy materials with cardholder data are destroyed when no longer needed for business or legal reasons.
💼 9.4.7 Electronic media with cardholder data is destroyed when no longer needed for business or legal reasons.