7 – Restrict Access to Cardholder Data
In the Reports Portal, select > > > Reports or Dashboards > .
PCI Requirement 7 focuses on controlling access to cardholder data by limiting access privileges to users who need to know the data according to your enterprise's needs. Usually, enterprises apply the principle of least privilege when granting access rights in the cardholder data environment (CDE).
To assess your enterprise's compliance with this requirement, use the following dashboards and reports:
| Dashboard or report | Description |
|---|---|
| All Accesses to Cardholder Data Environment | Reports the most accessed hosts in the CDE. The table provides results by the target host name and IP address, the target user, the source user and address, and the number of events. |
| All Accesses to Cardholder Data Environment by User | Reports all access activity in the CDE by the user. By default, the report lists user activities. The table provides results by the target host name and address, the target user, the port used, the source address, and the number of events. In the logical model, use the variable to specify the users in the CDE that you want to include in the reports. For more information, see the Solutions Guide for ArcSight Compliance Pack for PCI. |
| User Access Activity to Card Holder Data Environment | Provides, in charts and a table, an overview of user access activities in the CDE. You can view a trend of activity over time, as well as events by target users, target IP address, and source IP address. |