PCI (Payment Card Industry Security Standard)_Req 8.7

PCI (Payment Card Industry Security Standard)

Identify and authenticate access to system components

Req 8.7

8.7 All access to any database containing cardholder data (including access by applications, administrators, and all other users) is restricted as follows:

– All user access to, user queries of, and user actions on databases are through programmatic methods.
– Only database administrators have the ability to directly access or query databases.
– Application IDs for database applications can only be used by the applications (and not by individual users or other non-application processes).

Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged, since the user has not been authenticated and is therefore not known to the system. Database access should also be granted through programmatic methods only (for example, through stored procedures) rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties).
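One way to review a database against the three conditions of 8.7, as an added example that is not part of the standard or of any vendor tooling. The record layouts, principal names, the `APP_ORIGINS` inventory, and the choice to treat application IDs as the programmatic path are assumptions, and all records are constructed sample data.

```python
# Added illustration: principal names, kinds and record layouts are assumptions,
# and every record below is constructed sample data.

# (principal, kind, privilege, object_type, object) as exported from a grants review
GRANTS = [
    ("dba_alice", "dba", "SELECT", "table", "cardholder"),
    ("svc_payments", "application", "EXECUTE", "procedure", "get_card_last4"),
    ("jsmith", "user", "EXECUTE", "procedure", "get_card_last4"),
    ("mlee", "user", "SELECT", "table", "cardholder"),
    ("mlee", "user", "UPDATE", "table", "cardholder"),
]

# (principal, client_program, source_host) as exported from database login auditing
SESSIONS = [
    ("svc_payments", "payments-api", "app01"),
    ("svc_payments", "sqlcli", "laptop-17"),
    ("dba_alice", "sqlcli", "admin-ws"),
]

# Where each application ID is expected to connect from (hypothetical inventory)
APP_ORIGINS = {"svc_payments": {("payments-api", "app01")}}


def direct_access_findings(grants):
    """Non-DBA users holding anything other than EXECUTE on a stored procedure."""
    findings = []
    for principal, kind, privilege, object_type, obj in grants:
        programmatic = privilege == "EXECUTE" and object_type == "procedure"
        if kind == "user" and not programmatic:
            findings.append((principal, privilege, obj))
    return findings


def app_id_misuse(sessions, app_origins):
    """Logins with an application ID from anywhere but its known application."""
    return [
        (principal, program, host)
        for principal, program, host in sessions
        if principal in app_origins and (program, host) not in app_origins[principal]
    ]


if __name__ == "__main__":
    for finding in direct_access_findings(GRANTS):
        print("direct access by non-DBA user:", finding)
    for finding in app_id_misuse(SESSIONS, APP_ORIGINS):
        print("application ID used outside its application:", finding)
```
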

 


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
