| Testing Procedure | How Sheriff CSM Delivers | Sheriff CSM Instructions | Sheriff CSM Documentation |
| 7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access. | Sheriff CSM can collect security/access logs to provide evidence of access to system components. | Create a directive to Alert on occurrences of successful logins to restricted or limited resources, excluding authorized usernames, which will trigger immediate alarms of possible unauthorized access. | Tutorial: Create a New Directive to Detect DoS Attack |