Implement Strong Access Control Measures

Requirement 7 – Restrict access to cardholder data by business need to know

User rights review
– Active Directory – manual review
– ControlCase compliance software

Requirement 8 – Assign a unique ID to each person with computer access

Identification / Authentication
– Active Directory
– FreeRADIUS server (http://freeradius.org/)
– OpenLDAP (www.openldap.org/)

Two-factor authentication
Free
– Toopher Authentication (https://www.toopher.com/)
– Google Authenticator (code.google.com/p/google-authenticator/)
– Pin Grid Authentication (http://pingrid.org/downloads.html)
– Transakt Authentication (http://gettransakt.com/transakt/)
– Microsoft Authenticator App (http://www.windowsphone.com/en-us/store/app/authenticator)
– Duo Security Authentication (https://www.duosecurity.com/editions)

Commercial
– RSA SecurID (www.tokenguard.com/)
– Vasco DIGIPASS (https://www.vasco.com/)
– YubiKey (http://www.yubico.com)
– Gridsure (http://gridsure-security.co.uk)

Requirement 9 – Restrict physical access to cardholder data

Visitor management
– Visitor management (http://www.visitormanagementsystem.com.au/)
– idbadges (http://www.idbadges.com/)
– Visitor Book (http://www.swipedon.com/visitor-registration-app/)
– VisitLog (http://www.visitlog.se/en/)
– Reception for iPad (http://furio.co/portfolio/reception-for-ipad/)

Secure deletion software
– Eraser (eraser.heidi.ie/)
– Secure eraser (http://www.secure-eraser.com/)

Data classification
– Varonis (http://www.varonis.com/go/multimedia/varonis-idu-classification-framework.html)
– Banyan solutions (http://www.banyansolutions.com/solutions)