Requirement 7: Restrict Access to Cardholder Data by Business Need-to-Know

From the PCI DSS:

To ensure critical data can only be accessed by authorized personnel, systems and processes must be in place to limit access based on need to know and according to job responsibilities.

PCI DSS Requirement	How Requirement is Addressed with EFT Server
7.1 Limit access to computing resources and cardholder information only to those individuals whose job requires such access.	Each user account defined in EFT Server inherits settings from the Settings Template, or you can define settings specific to a user. Permission Groups set user virtual file system (VFS) permissions to folders. You can enable and disable user access to EFT Server resources by user, Group, Settings Template, Site, and Server. You can also grant or deny access by IP address.
7.2 Establish a mechanism for systems with multiple users that restricts access based on a user’s need to know.	EFT Server provides groups, virtual folders, and settings templates for segregating and controlling user access. In addition, delegated administrators or help-desk users can be granted varying levels of control over server settings and resources.

If this help topic did not help you, search the Knowledgebase or pose your question in the GlobalSCAPE User Forum.

For the most up-to-date information, to view version history, updates, and activation instructions; or to download a PDF of this user guide, visit the Support Center at http://www.globalscape.com/support.

Leave compliments or complaints regarding the help in the User Forum. At a minimum, please provide the topic title and why you needed help.

For information about GlobalSCAPE, visit www.globalscape.com, subscribe to our Secure Info Exchange blog, or follow us on Twitter.

Last modified: 18-Aug-11 at 13:43:46