Frequently Asked Question
What does “console access” mean for PCI DSS Requirements 8.4.1 and 8.4.2?
Console access refers to a system with a direct physical connection to another system component, where that connection does not rely on a networked connection (meaning that access is from the “console” to the system component via a physical cable). Console access is a mechanism typically used by system administrators to connect via physical cable to a system component that resides in the CDE or sensitive area for purposes of managing that system (for example, editing a sensitive configuration file on that system component). This is considered a more secure form of access because it cannot be easily intercepted by an unauthorized user.
Console access does not include situations where the system is used to access other system components over a networked connection. For example, access via a laptop or workstation using a physically connected keyboard is not considered “console access” if that system requires a networked connection to access any other system component.