What is not a PCI compliance recommendation?

A. Limit access to card holder data to as few individuals as possible.

B. Use encryption to protect all transmission of card holder data

over any public network.

C. Rotate employees handling credit card transactions on a yearly basis to different departments.

D. Use a firewall between the public network and the payment card data.