[PCI DSS 3.0] [PCI DSS 3.0] 9.4 Implement procedures to identify and authorize visitors.


PCINetwork.org Admin
9.4 Implement procedures to identify and authorize visitors.

Procedures should include the following:

9.4 Verify that visitor authorization and access controls are in place as follows: Visitor controls are important to reduce the ability of unauthorized and malicious persons to gain access to facilities (and potentially, to cardholder data).

Visitor controls ensure visitors are identifiable as visitors so personnel can monitor their activities, and that their access is restricted to just the duration of their legitimate visit.
Ensuring that visitor badges are returned upon expiry or completion of the visit prevents malicious persons from using a previously authorized pass to gain physical access into the building after the visit has ended.
A visitor log documenting minimum information on the visitor is easy and inexpensive to maintain and will assist in identifying physical access to a building or room, and potential access to cardholder data.