[PCI DSS 3.0] [PCI DSS 3.0] 9.2 Develop procedures to easily distinguish between onsite personnel and visitors, to include:

pcinetwork

PCINetwork.org Admin
#1
9.2 Develop procedures to easily distinguish between onsite personnel and visitors, to include:
• Identifying new onsite personnel or visitors (for example, assigning badges)
• Changes to access requirements
• Revoking or terminating onsite personnel and expired visitor identification (such as ID badges).

9.2.a Review documented processes to verify that procedures are defined for identifying and distinguishing between onsite personnel and visitors. Verify procedures include the following:
• Identifying new onsite personnel or visitors (for example, assigning badges),
• Changing access requirements, and
• Revoking terminated onsite personnel and expired visitor identification (such as ID badges)

9.2.b Observe processes for identifying and distinguishing between onsite personnel and visitors to verify that:
• Visitors are clearly identified, and
• It is easy to distinguish between onsite personnel and visitors.

9.2.c Verify that access to the identification process (such as a badge system) is limited to authorized personnel.

9.2.d Examine identification methods (such as ID badges) in use to verify that they clearly identify visitors and it is easy to distinguish between onsite personnel and visitors.

Identifying authorized visitors so they are easily distinguished from onsite personnel prevents unauthorized visitors from being granted access to areas containing cardholder data.
 
Top