FAQ #1035 Diff
What is the definition of "remote access"?
Earlier Version
Later Version
Removed
Added
The term “remote access” refers to access to a computer network from a location outside of that network. Examples of remote access include access from the Internet, an “untrusted” network or system, a third party service provider, access from a third party location (such as a business partner or business customer), or access by personnel from a portable computer over the Internet.
ExamplesInternal company LAN-to-LAN access (for example, two corporate locations connected by VPN within the same entity) is not considered remote access, as both locations are under the control of remote access include access from the Internet, an “untrusted” network or system, a third party service provider, access from a third party location (such as a business partner or business customer), or access by personnel from a portable computer over the Internet. Internal company LAN-to-LAN access (for example, two corporate locations connected by VPN within the same entity) is notentity. Such connections would be considered remote access, as both locations are under the control of the same entity. Access between two different entities (even if via VPN or private line), such as access involving business customers or third party service providers, is considered remote“non-console” access.
As defined in PCI DSS Requirement 8.3, two-factor authenticationAccess between two different entities (even if via VPN or private line), such as access involving business customers or third party service providers, is required for allconsidered remote network access that originates from outside the entity’s own network, where that remote access could lead to access to the cardholder data environment.access.
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.