[PCI DSS 3.0] [PCI DSS 3.0] 3.5.1 Restrict access to cryptographic keys to the fewest number of custodians necessary.

pcinetwork

PCINetwork.org Admin
#1
3.5.1 Restrict access to cryptographic keys to the fewest number of custodians necessary.

3.5.1 Examine user access lists to verify that access to keys is restricted to the fewest number of custodians necessary.

There should be very few who have access to cryptographic keys (reducing the potential for rending cardholder data visible by unauthorized parties), usually only those who have key custodian responsibilities.
 
Top