WithPCI.com

9.2.4 Access to consoles in sensitive areas is restricted via locking when not in use.

Original requirement from PCI DSS v4.0.1

Defined Approach Requirements

9.2.4 Access to consoles in sensitive areas is restricted via locking when not in use.

Customized Approach Objective

Physical consoles within sensitive areas cannot be used by unauthorized personnel.

Defined Approach Testing Procedures

9.2.4 Observe a system administrator's attempt to log into consoles in sensitive areas and verify that they are "locked" to prevent unauthorized use.

Purpose

Locking console login screens prevents unauthorized persons from gaining access to sensitive information, altering system configurations, introducing vulnerabilities into the network, or destroying records.
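One way to check the "locked when not in use" condition on Linux text consoles, as an added example that is not part of the WithPCI page or any PCI SSC material: many sites enforce the idle lock for shells on server, serial and KVM consoles with the shell's TMOUT variable set in a /etc/profile.d fragment. The script below audits such fragments for the failure modes an assessor actually finds: TMOUT missing or commented out, TMOUT=0 (which disables it), a value longer than the site ceiling, and a value that is not marked readonly so an administrator can simply `unset TMOUT`. The 900-second ceiling, the file paths and the sample fragments are assumptions constructed for the example; 9.2.4 itself names neither a mechanism nor a value.

```shell
#!/bin/sh
# Added example (not from the WithPCI page or PCI SSC): audit the idle timeout
# that ends idle shell sessions on Linux text consoles.
# Assumptions: the site enforces the lock with the shell's TMOUT variable in
# /etc/profile.d, and the ceiling is 900 seconds (15 minutes). Both are
# assumptions for this example; 9.2.4 does not name a mechanism or value.
MAX_TMOUT=900

# check_tmout FILE: report whether FILE enforces an acceptable TMOUT.
# Returns 0 when compliant, 1 otherwise, and prints a one-line finding.
check_tmout() {
  file="$1"
  if [ ! -r "$file" ]; then
    echo "$file: not readable"
    return 1
  fi
  # Take the last uncommented assignment, since later lines win in a shell.
  val=$(grep -E '^[[:space:]]*(export[[:space:]]+)?TMOUT=' "$file" \
        | tail -n 1 | sed -E 's/.*TMOUT=//; s/[[:space:]].*//; s/;.*//')
  if [ -z "$val" ]; then
    echo "$file: FAIL - TMOUT is not set, idle consoles never lock"
    return 1
  fi
  case "$val" in
    *[!0-9]*)
      echo "$file: FAIL - TMOUT is not a plain integer ($val)"
      return 1 ;;
  esac
  # TMOUT=0 disables the timeout entirely.
  if [ "$val" -eq 0 ] || [ "$val" -gt "$MAX_TMOUT" ]; then
    echo "$file: FAIL - TMOUT=$val exceeds the $MAX_TMOUT second ceiling"
    return 1
  fi
  # Without readonly, an administrator can 'unset TMOUT' and defeat the control.
  if ! grep -Eq '(^|;)[[:space:]]*readonly[[:space:]]+TMOUT' "$file"; then
    echo "$file: FAIL - TMOUT=$val but not readonly, users can unset it"
    return 1
  fi
  echo "$file: OK - TMOUT=$val and readonly"
  return 0
}

# Constructed sample fragments standing in for /etc/profile.d/*.sh files.
SAMPLES=$(mktemp -d)
GOOD="$SAMPLES/good.sh"
UNSET_FILE="$SAMPLES/unset.sh"
TOO_LONG="$SAMPLES/too_long.sh"
NOT_RO="$SAMPLES/not_readonly.sh"
printf '# enforced console idle lock\nexport TMOUT=600\nreadonly TMOUT\n' > "$GOOD"
printf '# TMOUT=600 commented out during troubleshooting\numask 022\n' > "$UNSET_FILE"
printf 'TMOUT=3600\nreadonly TMOUT\n' > "$TOO_LONG"
printf 'TMOUT=300\n' > "$NOT_RO"

# Run the audit over the samples and count findings.
FAILURES=0
for f in "$GOOD" "$UNSET_FILE" "$TOO_LONG" "$NOT_RO"; do
  check_tmout "$f" || FAILURES=$((FAILURES + 1))
done
echo "$FAILURES of 4 sample fragments fail the console idle-lock check"
```

TMOUT only covers login shells on text consoles; a graphical console on the same host needs the desktop screensaver lock, and Windows consoles are governed by the "Interactive logon: Machine inactivity limit" policy instead. Whatever the mechanism, the point of the audit is the same as the testing procedure above: the lock must engage on its own, and the person at the console must not be able to turn it off.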

Purpose

Consoles in sensitive areas (for example server, network-device and KVM consoles in the data center) must lock automatically when idle and be locked by the administrator before walking away, so that nobody else can use an open session.

Compliance Strategies

  • Enforce an inactivity lock on every console through OS or directory policy (screen lock and idle-shell timeout) rather than relying on users to lock manually
  • Require administrators to lock the console whenever they leave it, and cover this in awareness training
  • Periodically observe consoles in sensitive areas to confirm they are locked, mirroring the testing procedure

Typical Policies

  • Physical Security Policy (sensitive areas)
  • Acceptable Use / Clear Screen Policy
  • Workstation and Console Configuration Standard

Common Pitfalls

  • Relying on users to lock manually with no enforced inactivity timeout
  • Timeout configured for workstations but not for server, KVM or appliance consoles
  • Users able to override or disable the lock setting locally

Type

Technical and Process Control

Difficulty

Low

Key Risks

  • Unauthorized persons using an unattended, unlocked console to read cardholder data, change configurations or destroy records

Recommendations

  • Configure the inactivity lock centrally (GPO, MDM or configuration management) so it cannot be disabled locally, and verify it on a sample of consoles during internal assessments

Eligible SAQ

  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER
