
IAM-28PCI Account Restrictions

>Control Description

Organization clients with access to the cardholder data environment (CDE), as users or processes, are assigned unique accounts that cannot modify shared binaries or access data, server resources, or scripts owned by another CDE or Organization; application processes are restricted from operating in privileged-mode.

Theme: Technology

Type: Preventive

Policy/Standard: Access Management Procedure

>Implementation Guidance

1. Ensure that in multi-tenant environments one organization or user cannot affect the security or integrity of another organization's resources.
2. Ensure that users are restricted from operating in privileged mode.

>Testing Procedure

1. Review the network architecture diagram and confirm that in multi-tenant environments one organization or user cannot affect the security or integrity of another organization's resources.
2. Observe the application processes and confirm that they are restricted from operating in privileged mode.
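As an added example (not part of the Adobe CCF control text or any organization's own tooling), the following Python audit turns the implementation guidance and testing procedure above into checks that run over a constructed inventory: every CDE account has a unique uid, tenant data is owned by that tenant's account and not readable or writable by other tenants, shared binaries are not writable by tenant accounts, and no application process runs in privileged mode. The data classes, field names and sample records are assumptions standing in for whatever a real inventory export (configuration management, `ps`/`stat` output, container runtime API) would provide.

```python
"""Added IAM-28 audit example; inventory schema and sample data are assumptions."""
from dataclasses import dataclass
from typing import List


@dataclass
class Account:
    name: str
    uid: int
    tenant: str           # owning organization / CDE


@dataclass
class FileEntry:
    path: str
    owner: str            # account name from the Account list (or "root")
    tenant: str           # organization whose CDE owns the file; "shared" for shared binaries
    mode: int             # POSIX permission bits, e.g. 0o755


@dataclass
class Process:
    pid: int
    account: str
    privileged: bool      # running as root or with elevated capabilities
    is_application: bool  # application process (in scope) vs. platform daemon


def check_unique_accounts(accounts: List[Account]) -> List[str]:
    """Each user or process must map to its own uid; a shared uid defeats accountability."""
    seen = {}
    findings = []
    for a in accounts:
        if a.uid in seen:
            findings.append(f"uid {a.uid} shared by {seen[a.uid]} and {a.name}")
        else:
            seen[a.uid] = a.name
    return findings


def check_file_isolation(files: List[FileEntry], accounts: List[Account]) -> List[str]:
    """Tenant data stays with the tenant's account; shared binaries stay read-only to tenants.
    Assumes group membership is per tenant, so only the 'other' bits cross tenant boundaries."""
    tenant_of = {a.name: a.tenant for a in accounts}
    findings = []
    for f in files:
        if f.tenant == "shared":
            if f.mode & 0o022:  # group- or world-writable shared binary
                findings.append(f"shared binary {f.path} writable by non-owners (mode {oct(f.mode)})")
            continue
        if tenant_of.get(f.owner) != f.tenant:
            findings.append(f"{f.path} owned by {f.owner}, not an account of tenant {f.tenant}")
        if f.mode & 0o006:  # world read or write lets another tenant's account in
            findings.append(f"{f.path} accessible to other tenants (mode {oct(f.mode)})")
    return findings


def check_privileged_processes(processes: List[Process]) -> List[str]:
    """Platform daemons may be privileged; application processes in the CDE may not."""
    return [f"pid {p.pid} ({p.account}) is an application process running privileged"
            for p in processes if p.is_application and p.privileged]


def audit(accounts, files, processes) -> List[str]:
    return (check_unique_accounts(accounts)
            + check_file_isolation(files, accounts)
            + check_privileged_processes(processes))


# Constructed sample inventory: two tenants ("acme", "globex") on one CDE host.
ACCOUNTS = [
    Account("app-acme", 1001, "acme"),
    Account("app-globex", 1002, "globex"),
    Account("batch-globex", 1002, "globex"),      # reuses uid 1002: finding
]
FILES = [
    FileEntry("/usr/local/bin/payproc", "root", "shared", 0o755),
    FileEntry("/usr/local/bin/helper", "root", "shared", 0o777),      # tenant-writable: finding
    FileEntry("/srv/cde/acme/cards.db", "app-acme", "acme", 0o600),
    FileEntry("/srv/cde/globex/cards.db", "app-globex", "globex", 0o644),  # world-readable: finding
    FileEntry("/srv/cde/acme/run.sh", "app-globex", "acme", 0o700),   # wrong tenant owner: finding
]
PROCESSES = [
    Process(4101, "app-acme", False, True),
    Process(4102, "root", True, True),            # privileged application process: finding
    Process(1, "root", True, False),              # init: platform daemon, allowed
]

if __name__ == "__main__":
    for line in audit(ACCOUNTS, FILES, PROCESSES):
        print("FINDING:", line)
```

Each finding maps back to one sentence of the control: the uid reuse and wrong-owner findings to "unique accounts", the world-readable database and writable helper to "cannot modify shared binaries or access data ... owned by another CDE", and the root application process to "restricted from operating in privileged-mode". Feeding the script a real export instead of the constructed lists gives the evidence the testing procedure asks an assessor to observe.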

>Audit Artifacts

E-IAM-24
E-IAM-40
E-IAM-42

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
