How to Implement Secure, PCI-Compliant Access Controls – Security from eWeek

For instance, Section 7 of the Payment Card Industry Data Security Standard (PCI DSS) requires that access to cardholder data is restricted access by business “need-to-know.” This means that access rights are granted to only the least amount of data and privileges needed to perform a job. Section 7.1 of the PCI DSS limits access to system components and cardholder data to only those individuals whose job requires such access

via How to Implement Secure, PCI-Compliant Access Controls – Security from eWeek.