Which PCI DSS requirement requires restricting physical access to cardholder data?

Study for the PCI Data Security Standard Exam. Master your knowledge with interactive flashcards and multiple-choice questions, each with hints and explanations. Prepare confidently for your certification test!

Multiple Choice

Which PCI DSS requirement requires restricting physical access to cardholder data?

Explanation:
Restricting physical access to cardholder data focuses on the controls that physically protect the places and devices where CHD is stored or processed. This requirement explicitly mandates limiting who can enter facilities, rooms, and areas containing CHD, as well as securing media, devices, and backups that hold cardholder data, and ensuring visitors are escorted and monitored. It also covers procedures for secure disposal of hardware and media to prevent CHD exposure through physical means. This is the best fit because the question is asking about physical protection, not about password practices, policy development, or software security—areas addressed by the other options. The other requirements cover logical access, secure systems and applications, and formal security governance, which are essential but do not address the physical access controls that guard CHD in the real world.

