Access to CDE and CHD in PCI DSS

Abena Frimpong

If someone has access to CDE, does that mean that person can also access CHD?


1 comment

  Comment author
    Shannon

    Hi Abena Frimpong,

    The Cardholder Data Environment (CDE) is the term used to describe all the people, processes, and technologies that store, process, or transmit cardholder data (CHD). So, if someone has access to the CDE, it means they potentially have access to CHD as well. However, it's important to note that just because someone has access to the CDE, it doesn't necessarily mean they can access all CHD. Access controls should be in place to ensure that individuals can only access the data they need to perform their job duties. This is a principle known as least privilege. Regular access reviews must be conducted to help prevent potential data breaches and help limit the potential damage if an account is compromised. Organizations need to have current and complete Network and Data Flow Diagrams to understand who has access to which systems that are processing, storing, and transmitting CHD and what level of access individuals have within the CDE.


