[PCI DSS 3.0] [PCI DSS 3.0] 7.1.4 Require documented approval by authorized parties specifying required privileges.

pcinetwork

PCINetwork.org Admin
#1
7.1.4 Require documented approval by authorized parties specifying required privileges.

7.1.4 Select a sample of user IDs and compare with documented approvals to verify that:
• Documented approval exists for the assigned privileges
• The approval was by authorized parties
• That specified privileges match the roles assigned to the individual.

Documented approval (for example, in writing or electronically) assures that those with access and privileges are known and authorized by management, and that their access is necessary for their job function.
 
Top