| 💼 7.2.1 An access control model is defined and includes granting appropriate access. | | | | | no data |
| 💼 7.2.2 Access is assigned to users, including privileged users, based on job classification, function, and least privileges. | | | 5 | | no data |
| 💼 7.2.3 Required privileges are approved by authorized personnel. | | | | | no data |
| 💼 7.2.4 All user accounts and related access privileges, including third-party/vendor accounts, are reviewed. | | | | | no data |
| 💼 7.2.5 All application and system accounts and related access privileges are assigned and managed. | 1 | | | | no data |
|  💼 7.2.5.1 All access by application and system accounts and related access privileges are reviewed. | | | | | no data |
| 💼 7.2.6 All user access to query repositories of stored cardholder data is restricted. | | | | | no data |