312-50V13 · Question #203
The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to
The correct answer is C. Assign a unique ID to each person with computer access.. Under PCI DSS, assigning a unique ID to each person with computer access is a core requirement for implementing strong access control measures, enabling individual accountability.
Question
Options
- ARegularly test security systems and processes.
- BEncrypt transmission of cardholder data across open, public networks.
- CAssign a unique ID to each person with computer access.
- DUse and regularly update anti-virus software on all systems commonly affected by malware.
How the community answered
(58 responses)- B3% (2)
- C95% (55)
- D2% (1)
Why each option
Under PCI DSS, assigning a unique ID to each person with computer access is a core requirement for implementing strong access control measures, enabling individual accountability.
Regularly testing security systems and processes falls under PCI DSS Requirement 11 (Regularly Test Security Systems and Processes), not specifically access control.
Encrypting transmission of cardholder data across open, public networks is covered by PCI DSS Requirement 4 (Encrypt transmission of cardholder data), which focuses on data protection, not access control.
Assigning a unique ID to each person with computer access is a fundamental principle of strong access control, as it enables individual accountability for actions performed on systems and allows for precise management of permissions, directly fulfilling a key aspect of the 'Implement strong access control measures' objective in PCI DSS.
Using and regularly updating anti-virus software is a PCI DSS Requirement 5 (Protect all systems from malware and regularly update anti-virus software), related to malware protection, not access control.
Concept tested: PCI DSS requirements and access control
Source: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
Topics
Community Discussion
No community discussion yet for this question.