PCI DSS v3 - 2 - 1 ROC S6 R3 Protect Stored Cardholder Data


Protect Stored Cardholder Data

Requirement 3: Protect stored cardholder data

Each entry below gives the PCI DSS requirement or testing procedure, then the Reporting Instruction and, where one was recorded, the Assessor’s Response. Summary of Assessment Findings (check one per requirement): In Place, In Place w/ CCW, N/A, Not Tested, Not in Place.

3.1 Keep cardholder data storage to a minimum by implementing data-retention and disposal policies, procedures and processes that include at least the following for all CHD storage:
• Limiting data storage amount and retention time to that which is required for legal, regulatory, and/or business requirements.
• Specific retention requirements for cardholder data
• Processes for secure deletion of data when no longer needed.
• A quarterly process for identifying and securely deleting stored cardholder data that exceeds defined retention.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.1.a Examine the data-retention and disposal policies, procedures and processes to verify they include the following for all cardholder data (CHD) storage:
• Limiting data storage amount and retention time to that which is required for legal, regulatory, and/or business requirements.
• Specific requirements for retention of cardholder data (for example, cardholder data needs to be held for X period for Y business reasons).
• Processes for secure deletion of cardholder data when no longer needed for legal, regulatory, or business reasons.
• A quarterly process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements.
Reporting Instruction: Identify the data-retention and disposal documentation examined to verify policies, procedures, and processes define the following for all cardholder data (CHD) storage:
• Limiting data storage amount and retention time to that which is required for legal, regulatory, and/or business requirements for data retention.
• Specific requirements for retention of cardholder data.
• Processes for secure deletion of cardholder data when no longer needed for legal, regulatory, or business reasons.
• A quarterly process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements.
Assessor’s Response: Not Mentioned

PCI DSS Template for Report on Compliance, Appendix D: Segmentation and Sampling of Business Facilities/System Components June 2018
© 2018 PCI Security Standards Council, LLC. All Rights Reserved. Page 1

3.1.b Interview personnel to verify that:
• All locations of stored cardholder data are included in the data-retention and disposal processes.
• Either a quarterly automatic or manual process is in place to identify and securely delete stored cardholder data.
• The quarterly automatic or manual process is performed for all locations of cardholder data.
Reporting Instruction: Identify the responsible personnel interviewed who confirm that:
• All locations of stored cardholder data are included in the data-retention and disposal processes.
• Either a quarterly automatic or manual process is in place to identify and securely delete stored cardholder data.
• The quarterly automatic or manual process is performed for all locations of cardholder data.

3.1.c For a sample of system components that store cardholder data:
• Examine files and system records to verify that the data stored does not exceed the requirements defined in the data-retention policy.
• Observe the deletion mechanism to verify data is deleted securely.
Reporting Instruction: Identify the sample of system components selected for this testing procedure.
For each item in the sample, describe how files and system records verified that the data stored does not exceed the requirements defined in the data-retention policy.
Describe how the deletion mechanism was observed to verify data is deleted securely.
Assessor’s Response: Not Mentioned

3.2 Do not store sensitive authentication data after authorization (even if encrypted). If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process.
It is permissible for issuers and companies that support issuing services to store sensitive authentication data if:
• There is a business justification, and
• The data is stored securely.
Sensitive authentication data includes the data as cited in the following Requirements 3.2.1 through 3.2.3:
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.2.a For issuers and/or companies that support issuing services and store sensitive authentication data, review policies and interview personnel to verify there is a documented business justification for the storage of sensitive authentication data.
Reporting Instruction: Indicate whether the assessed entity is an issuer or supports issuing service. (yes/no)
If “yes,” complete the responses for 3.2.a and 3.2.b and mark 3.2.c and 3.2.d as “Not Applicable.”
If “no,” mark the remainder of 3.2.a and 3.2.b as “Not Applicable” and proceed to 3.2.c and 3.2.d.
Identify the documentation reviewed to verify there is a documented business justification for the storage of sensitive authentication data.
Identify the interviewed personnel who confirm there is a documented business justification for the storage of sensitive authentication data.
For the interview, summarize the relevant details of the business justification described.
Assessor’s Response: Not Mentioned

3.2.b For issuers and/or companies that support issuing services and store sensitive authentication data, examine data stores and system configurations to verify that the sensitive authentication data is secured.
Reporting Instruction: If “yes” at 3.2.a,
Identify data stores examined.
Describe how the data stores and system configurations were examined to verify that the sensitive authentication data is secured.

3.2.c For all other entities, if sensitive authentication data is received, review policies and procedures, and examine system configurations to verify the data is not retained after authorization.
Reporting Instruction: Indicate whether sensitive authentication data is received. (yes/no)
If “yes,” complete 3.2.c and 3.2.d.
If “no,” mark the remainder of 3.2.c and 3.2.d as “Not Applicable” and proceed to 3.2.1.
Identify the document(s) reviewed to verify the data is not retained after authorization.
Describe how system configurations verified that the data is not retained after authorization.
Assessor’s Response: Not Mentioned

3.2.d For all other entities, if sensitive authentication data is received, review procedures and examine the processes for securely deleting the data to verify that the data is unrecoverable.
Reporting Instruction: Identify the document(s) reviewed to verify that it defines processes for securely deleting the data so that it is unrecoverable.
Describe how the processes for securely deleting the data were examined to verify that the data is unrecoverable.
Assessor’s Response: Not Mentioned

3.2.1 Do not store the full contents of any track (from the magnetic stripe located on the back of a card, equivalent data contained on a chip, or elsewhere) after authorization. This data is alternatively called full track, track, track 1, track 2, and magnetic-stripe data.
Note: In the normal course of business, the following data elements from the magnetic stripe may need to be retained:
• The cardholder’s name
• Primary account number (PAN)
• Expiration date
• Service code
To minimize risk, store only these data elements as needed for business.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.2.1 For a sample of system components, examine data sources, including but not limited to the following, and verify that the full contents of any track from the magnetic stripe on the back of card or equivalent data on a chip are not stored after authorization:
• Incoming transaction data
• All logs (for example, transaction, history, debugging, error)
• History files
• Trace files
• Several database schemas
• Database contents
Reporting Instruction: Identify the sample of system components selected for 3.2.1-3.2.3.
For each data source type below from the sample of system components examined, summarize the specific examples of each data source type observed to verify that the full contents of any track from the magnetic stripe on the back of card or equivalent data on a chip are not stored after authorization. If that type of data source is not present, indicate that in the space.
• Incoming transaction data
• All logs (for example, transaction, history, debugging, error)
• History files
• Trace files
• Database schemas
• Database contents
• If applicable, any other output observed to be generated

3.2.2 Do not store the card verification code or value (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions after authorization.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.2.2 For a sample of system components, examine data sources, including but not limited to the following, and verify that the three-digit or four-digit card verification code or value printed on the front of the card or the signature panel (CVV2, CVC2, CID, CAV2 data) is not stored after authorization:
• Incoming transaction data
• All logs (for example, transaction, history, debugging, error)
• History files
• Trace files
• Several database schemas
• Database contents
Reporting Instruction: For each data source type below from the sample of system components at 3.2.1, summarize the specific examples of each data source type observed to verify that the three-digit or four-digit card verification code or value printed on the front of the card or the signature panel (CVV2, CVC2, CID, CAV2 data) is not stored after authorization. If that type of data source is not present, indicate that in the space.
• Incoming transaction data
• All logs (for example, transaction, history, debugging, error)
• History files
• Trace files
• Database schemas
• Database contents
• If applicable, any other output observed to be generated

3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block after authorization.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.2.3 For a sample of system components, examine data sources, including but not limited to the following, and verify that PINs and encrypted PIN blocks are not stored after authorization:
• Incoming transaction data
• All logs (for example, transaction, history, debugging, error)
• History files
• Trace files
• Several database schemas
• Database contents
Reporting Instruction: For each data source type below from the sample of system components at 3.2.1, summarize the specific examples of each data source type observed to verify that PINs and encrypted PIN blocks are not stored after authorization. If that type of data source is not present, indicate that in the space.
• Incoming transaction data
• All logs (for example, transaction, history, debugging, error)
• History files
• Trace files
• Database schemas
• Database contents
• If applicable, any other output observed to be generated

3.3 Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed), such that only personnel with a legitimate business need can see more than first six/last four digits of the PAN.
Note: This requirement does not supersede stricter requirements in place for displays of cardholder data—for example, legal or payment card brand requirements for point-of-sale (POS) receipts.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.3.a Examine written policies and procedures for masking the display of PANs to verify:
• A list of roles that need access to displays of more than first six/last four (includes full PAN) is documented, together with a legitimate business need for each role to have such access.
• PAN must be masked when displayed such that only personnel with a legitimate business need can see more than the first six/last four digits of the PAN.
• All roles not specifically authorized to see the full PAN must only see masked PANs.
Reporting Instruction: Identify the document(s) reviewed to verify that written policies and procedures for masking the displays of PANs include the following:
• A list of roles that need access to displays of more than first six/last four (includes full PAN) is documented, together with a legitimate business need for each role to have such access.
• PAN must be masked when displayed such that only personnel with a legitimate business need can see more than first six/last four digits of the PAN.
• All roles not specifically authorized to see the full PAN must only see masked PANs.
Assessor’s Response: Not Mentioned

3.3.b Examine system configurations to verify that full PAN is only displayed for users/roles with a documented business need, and that PAN is masked for all other requests.
Reporting Instruction: Describe how system configurations verified that:
• Full PAN is only displayed for users/roles with a documented business need.
• PAN is masked for all other requests.

3.3.c Examine displays of PAN (for example, on screen, on paper receipts) to verify that PANs are masked when displaying cardholder data, and that only those with a legitimate business need are able to see more than first six/last four digits of the PAN.
Reporting Instruction: Describe how displays of PAN verified that:
• PANs are masked when displaying cardholder data.
• Only those with a legitimate business need are able to see more than first six/last four digits of the PAN.

3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches:
• One-way hashes based on strong cryptography (hash must be of the entire PAN).
• Truncation (hashing cannot be used to replace the truncated segment of PAN).
• Index tokens and pads (pads must be securely stored).
• Strong cryptography with associated key-management processes and procedures.
Note: It is a relatively trivial effort for a malicious individual to reconstruct original PAN data if they have access to both the truncated and hashed version of a PAN. Where hashed and truncated versions of the same PAN are present in an entity’s environment, additional controls must be in place to ensure that the hashed and truncated versions cannot be correlated to reconstruct the original PAN.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place
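
The 3.3 masking rule and two of the 3.4 approaches (truncation, and a one-way hash of the entire PAN), as an added Python illustration that is not part of the PCI SSC template. The test PAN and hashing key are constructed values, and keying the hash with a separately managed secret is assumed here as the additional control the 3.4 note calls for when hashed and truncated versions of a PAN coexist.

```python
"""PAN display masking (3.3) and rendering stored PAN unreadable (3.4).

Added illustration, not part of the PCI SSC template.  Assumes the hashing
key is generated and stored separately from the hashed data (3.5).
"""
import hashlib
import hmac

# Constructed, Luhn-valid test PAN from a public test range, not a real card.
SAMPLE_PAN = "4111 1111 1111 1111"
# Constructed 256-bit hashing key; in production this is a managed secret.
SAMPLE_HASH_KEY = bytes(range(32))


def normalise_pan(pan: str) -> str:
    """Drop separators and check the PAN length range (13 to 19 digits)."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13 to 19 digits")
    return digits


def mask_pan(pan: str, first: int = 6, last: int = 4) -> str:
    """3.3 display mask: first six and last four are the MAXIMUM that may be shown."""
    if first > 6 or last > 4:
        raise ValueError("3.3 allows at most the first six and last four digits")
    digits = normalise_pan(pan)
    return digits[:first] + "*" * (len(digits) - first - last) + digits[-last:]


def display_pan(pan: str, role_has_documented_need: bool) -> str:
    """3.3.b: full PAN only for users/roles with a documented business need."""
    return normalise_pan(pan) if role_has_documented_need else mask_pan(pan)


def truncate_pan(pan: str) -> str:
    """3.4 truncation: keep first six and last four; the middle digits are
    discarded, never stored, and must not be replaced by a hash."""
    digits = normalise_pan(pan)
    return digits[:6] + digits[-4:]


def hash_pan(pan: str, key: bytes) -> str:
    """3.4 one-way hash of the ENTIRE PAN.

    An unkeyed hash stored next to a truncated copy of the same PAN can be
    correlated to recover the PAN (the 3.4 note).  Keying the hash with a
    secret that is stored and managed separately removes that correlation,
    because the hash cannot be recomputed without the key."""
    if len(key) < 32:
        raise ValueError("hashing key must be at least 256 bits")
    return hmac.new(key, normalise_pan(pan).encode("ascii"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    print("display (no need):", display_pan(SAMPLE_PAN, False))
    print("display (need):   ", display_pan(SAMPLE_PAN, True))
    print("truncated:        ", truncate_pan(SAMPLE_PAN))
    print("keyed hash:       ", hash_pan(SAMPLE_PAN, SAMPLE_HASH_KEY))
```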

3.4.a Examine documentation about the system used to protect the PAN, including the vendor, type of system/process, and the encryption algorithms (if applicable) to verify that the PAN is rendered unreadable using any of the following methods:
• One-way hashes based on strong cryptography
• Truncation
• Index tokens and pads, with the pads being securely stored
• Strong cryptography, with associated key-management processes and procedures
Reporting Instruction: Identify the documentation examined to verify that the PAN is rendered unreadable using any of the following methods:
• One-way hashes based on strong cryptography
• Truncation
• Index tokens and pads, with the pads being securely stored
• Strong cryptography, with associated key-management processes and procedures
Assessor’s Response: Not Mentioned

3.4.b Examine several tables or files from a sample of data repositories to verify the PAN is rendered unreadable (that is, not stored in plain-text).
Reporting Instruction: Identify the sample of data repositories selected for this testing procedure.
Identify the tables or files examined for each item in the sample of data repositories.
For each item in the sample, describe how the tables or files verified that the PAN is rendered unreadable.

3.4.c Examine a sample of removable media (for example, backup tapes) to confirm that the PAN is rendered unreadable.
Reporting Instruction: Identify the sample of removable media selected for this testing procedure.
For each item in the sample, describe how the sample of removable media confirmed that the PAN is rendered unreadable.

3.4.d Examine a sample of audit logs, including payment application logs, to confirm that PAN is rendered unreadable or is not present in the logs.
Reporting Instruction: Identify the sample of audit logs, including payment application logs, selected for this testing procedure.
For each item in the sample, describe how the sample of audit logs, including payment application logs, confirmed that the PAN is rendered unreadable or is not present in the logs.

3.4.e If hashed and truncated versions of the same PAN are present in the environment, examine implemented controls to verify that the hashed and truncated versions cannot be correlated to reconstruct the original PAN.
Reporting Instruction: Identify whether hashed and truncated versions of the same PAN are present in the environment. (yes/no)
If ‘no,’ mark 3.4.e as ‘not applicable’ and proceed to 3.4.1.
If ‘yes,’ describe the implemented controls examined to verify that the hashed and truncated versions cannot be correlated to reconstruct the original PAN.
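
A check of the kind 3.2.1 to 3.2.3 and 3.4.d call for on logs and similar data sources (PAN rendered unreadable or not present), as an added Python example that is not part of the template: it scans log lines for unmasked, Luhn-valid PANs and reports each hit only in first six/last four form. The log lines and the card numbers in them are constructed from public test ranges.

```python
"""Scan log lines for unmasked PANs (3.2.1 to 3.2.3 data sources; 3.4.d logs).

Added illustration, not part of the PCI SSC template.  The log lines below
are constructed and use public test card numbers, not real cardholder data.
"""
import re
from typing import List, Tuple

# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    "2018-06-01T10:00:01Z INFO  auth ok pan=411111******1111 amt=10.00",
    '2018-06-01T10:00:02Z DEBUG raw request: {"pan":"4111111111111111","exp":"2212"}',
    "2018-06-01T10:00:03Z INFO  order 1234567890123 shipped",
    "2018-06-01T10:00:04Z ERROR card 5555 5555 5555 4444 declined",
]

# 13 to 19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer digit run (which rules out most long numeric ids).
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test: PANs pass it, most other numbers do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_unmasked_pans(line: str) -> List[str]:
    """Return every Luhn-valid 13 to 19 digit run found in the line."""
    hits = []
    for match in _CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Report (line number, masked PAN) for each unmasked PAN found.

    The finding carries only first six/last four, so the report does not
    become one more place where full PAN is stored (3.4)."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for pan in find_unmasked_pans(line):
            findings.append((lineno, pan[:6] + "*" * (len(pan) - 10) + pan[-4:]))
    return findings


if __name__ == "__main__":
    for lineno, masked in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: unmasked PAN {masked}")
```

A masked value such as `411111******1111` never forms a 13-digit run, so correctly masked entries produce no finding; the 13-digit order id is skipped because it fails the Luhn check.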

3.4.1 If disk encryption is used (rather than file- or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, by not using local user account databases or general network login credentials). Decryption keys must not be associated with user accounts.
Note: This requirement applies in addition to all other PCI DSS encryption and key management requirements.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.4.1.a If disk encryption is used, inspect the configuration and observe the authentication process to verify that logical access to encrypted file systems is implemented via a mechanism that is separate from the native operating system’s authentication mechanism (for example, not using local user account databases or general network login credentials).
Reporting Instruction: Indicate whether disk encryption is used. (yes/no)
If “yes,” complete the remainder of 3.4.1.a, 3.4.1.b, and 3.4.1.c.
If “no,” mark the remainder of 3.4.1.a, 3.4.1.b and 3.4.1.c as “Not Applicable.”
Describe the disk encryption mechanism(s) in use.
For each disk encryption mechanism in use, describe how the configuration verified that logical access to encrypted file systems is separate from the native operating system’s authentication mechanism.
For each disk encryption mechanism in use, describe how the authentication process was observed to verify that logical access to encrypted file systems is separate from the native operating system’s authentication mechanism.

3.4.1.b Observe processes and interview personnel to verify that cryptographic keys are stored securely (for example, stored on removable media that is adequately protected with strong access controls).
Reporting Instruction: Describe how processes were observed to verify that cryptographic keys are stored securely.
Identify the responsible personnel interviewed who confirm that cryptographic keys are stored securely.

3.4.1.c Examine the configurations and observe the processes to verify that cardholder data on removable media is encrypted wherever stored.
Note: If disk encryption is not used to encrypt removable media, the data stored on this media will need to be rendered unreadable through some other method.
Reporting Instruction: Describe how the configurations verified that cardholder data on removable media is encrypted wherever stored.
Describe how processes were observed to verify that cardholder data on removable media is encrypted wherever stored.

3.5 Document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse:
Note: This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys—such key-encrypting keys must be at least as strong as the data-encrypting key.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.5 Examine key-management policies and procedures to verify processes are specified to protect keys used for encryption of cardholder data against disclosure and misuse and include at least the following:
• Access to keys is restricted to the fewest number of custodians necessary.
• Key-encrypting keys are at least as strong as the data-encrypting keys they protect.
• Key-encrypting keys are stored separately from data-encrypting keys.
• Keys are stored securely in the fewest possible locations and forms.
Reporting Instruction: Identify the documented key-management policies and processes examined to verify processes are defined to protect keys used for encryption of cardholder data against disclosure and misuse and include at least the following:
• Access to keys is restricted to the fewest number of custodians necessary.
• Key-encrypting keys are at least as strong as the data-encrypting keys they protect.
• Key-encrypting keys are stored separately from data-encrypting keys.
• Keys are stored securely in the fewest possible locations and forms.
Assessor’s Response: Not Mentioned

3.5.1 Additional requirement for service providers only: Maintain a documented description of the cryptographic architecture that includes:
• Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
• Description of the key usage for each key.
• Inventory of any HSMs and other SCDs used for key management
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.5.1 Interview responsible personnel and review documentation to verify that a document exists to describe the cryptographic architecture, including:
• Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
• Description of the key usage for each key
• Inventory of any HSMs and other SCDs used for key management
Reporting Instruction: Identify the responsible personnel interviewed who confirm that a document exists to describe the cryptographic architecture, including:
• Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
• Description of the key usage for each key
• Inventory of any HSMs and other SCDs used for key management
Identify the documentation reviewed to verify that it contains a description of the cryptographic architecture, including:
• Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
• Description of the key usage for each key
• Inventory of any HSMs and other SCDs used for key management
Assessor’s Response: Not Mentioned

3.5.2 Restrict access to cryptographic keys to the fewest number of custodians necessary.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.5.2 Examine user access lists to verify that access to keys is restricted to the fewest number of custodians necessary.
Reporting Instruction: Identify user access lists examined.
Describe how the user access lists verified that access to keys is restricted to the fewest number of custodians necessary.

3.5.3 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the following forms at all times:
• Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key.
• Within a secure cryptographic device (such as a hardware/host security module (HSM) or PTS-approved point-of-interaction device).
• As at least two full-length key components or key shares, in accordance with an industry-accepted method.
Note: It is not required that public keys be stored in one of these forms.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place
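
The third storage form in 3.5.3 (at least two full-length key components) together with the 3.5 rule that a key-encrypting key be at least as strong as the key it protects, as an added Python illustration that is not part of the template. It assumes symmetric AES keys and XOR combination of full-length components as the industry-accepted method; the key bytes are constructed.

```python
"""3.5.3 key storage form: at least two full-length key components.

Added illustration, not part of the PCI SSC template.  Assumes symmetric AES
keys and XOR combination of components; the key bytes below are constructed.
"""
import secrets
from typing import List, Sequence

AES_KEY_LENGTHS = (16, 24, 32)  # 128, 192 and 256 bits

# Constructed data-encrypting key for the demonstration (not a real key).
SAMPLE_DEK = bytes(range(32))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, custodians: int) -> List[bytes]:
    """Split a key into one full-length component per custodian.

    All but the last component are fresh random bytes; the last is chosen so
    that the XOR of all components equals the key.  Any set that is missing
    even one component is uniformly random and reveals nothing about the key,
    which is what lets separate custodians each hold one (3.5.2, 3.5.3)."""
    if custodians < 2:
        raise ValueError("3.5.3 requires at least two full-length components")
    if len(key) not in AES_KEY_LENGTHS:
        raise ValueError("expected a 128, 192 or 256-bit AES key")
    components = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    last = key
    for component in components:
        last = _xor(last, component)
    components.append(last)
    return components


def combine_key(components: Sequence[bytes]) -> bytes:
    """Reconstitute the key from ALL components (a key-ceremony step)."""
    if len(components) < 2:
        raise ValueError("at least two components are needed")
    length = len(components[0])
    if any(len(c) != length for c in components):
        raise ValueError("every component must be full-length")
    key = bytes(length)
    for component in components:
        key = _xor(key, component)
    return key


def kek_at_least_as_strong(kek: bytes, dek: bytes) -> bool:
    """3.5 note / 3.5.3: a key-encrypting key must be at least as strong as
    the data-encrypting key it protects.  For AES keys, strength is length."""
    if len(kek) not in AES_KEY_LENGTHS or len(dek) not in AES_KEY_LENGTHS:
        raise ValueError("expected AES keys")
    return len(kek) >= len(dek)


if __name__ == "__main__":
    parts = split_key(SAMPLE_DEK, 3)
    print("components held by 3 custodians:", [p.hex() for p in parts])
    print("reconstituted key matches:", combine_key(parts) == SAMPLE_DEK)
```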

3.5.3.a Examine documented procedures to verify that cryptographic keys used to encrypt/decrypt cardholder data must only exist in one (or more) of the following forms at all times.
• Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key.
• Within a secure cryptographic device (such as a hardware (host) security module (HSM) or PTS-approved point-of-interaction device).
• As key components or key shares, in accordance with an industry-accepted method.
Reporting Instruction: Identify the documented procedures examined to verify that cryptographic keys used to encrypt/decrypt cardholder data must only exist in one (or more) of the following forms at all times.
• Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key.
• Within a secure cryptographic device (such as a hardware (host) security module (HSM) or PTS-approved point-of-interaction device).
• As key components or key shares, in accordance with an industry-accepted method.
Assessor’s Response: Not Mentioned

3.5.3.b Examine system configurations and key storage locations to verify that cryptographic keys used to encrypt/decrypt cardholder data exist in one (or more) of the following forms at all times.
• Encrypted with a key-encrypting key.
• Within a secure cryptographic device (such as a hardware (host) security module (HSM) or PTS-approved point-of-interaction device).
• As key components or key shares, in accordance with an industry-accepted method.
Reporting Instruction: Provide the name of the assessor who attests that all locations where keys are stored were identified.
Describe how system configurations and key storage locations verified that cryptographic keys used to encrypt/decrypt cardholder data must only exist in one (or more) of the following forms at all times.
• Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key.
• Within a secure cryptographic device (such as a hardware (host) security module (HSM) or PTS-approved point-of-interaction device).
• As key components or key shares, in accordance with an industry-accepted method.

3.5.3.c Wherever key-encrypting keys are used, examine system configurations and key storage locations to verify:
• Key-encrypting keys are at least as strong as the data-encrypting keys they protect.
• Key-encrypting keys are stored separately from data-encrypting keys.
Reporting Instruction: Describe how system configurations and key storage locations verified that, wherever key-encrypting keys are used:
• Key-encrypting keys are at least as strong as the data-encrypting keys they protect.
• Key-encrypting keys are stored separately from data-encrypting keys.

3.5.4 Store cryptographic keys in the fewest possible locations.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.5.4 Examine key storage locations and observe processes to verify that keys are stored in the fewest possible locations.
Reporting Instruction: Describe how key storage locations and the observed processes verified that keys are stored in the fewest possible locations.

3.6 Fully document and implement all key-management processes and procedures for cryptographic keys used for encryption of cardholder data, including the following:
Note: Numerous industry standards for key management are available from various resources including NIST, which can be found at http://csrc.nist.gov.
☐ In Place  ☐ In Place w/ CCW  ☐ N/A  ☐ Not Tested  ☐ Not in Place

3.6.a Additional procedure for service provider assessments only: If the service provider shares keys with their customers for transmission or storage of cardholder data, examine the documentation that the service provider provides to their customers to verify that it includes guidance on how to securely transmit, store, and update customers’ keys, in accordance with Requirements 3.6.1 through 3.6.8 below.
Reporting Instruction: Indicate whether the assessed entity is a service provider that shares keys with their customers for transmission or storage of cardholder data. (yes/no)
If “yes,” identify the document that the service provider provides to their customers examined to verify that it includes guidance on how to securely transmit, store and update customers’ keys, in accordance with Requirements 3.6.1 through 3.6.8 below.

3.6.b Examine the key-management procedures and processes for keys used for encryption of cardholder data and perform the following:
Requirement 3.6.1: Generation of strong cryptographic keys.
(check one): ☐ In Place ☐ In Place w/ CCW ☐ N/A ☐ Not Tested ☐ Not in Place
Testing Procedure 3.6.1.a: Verify that key-management procedures specify how to generate strong keys.
Reporting Instruction: Identify the documented key-management procedures examined to verify procedures specify how to generate strong keys.
Assessor’s Response: Not Mentioned
Testing Procedure 3.6.1.b: Observe the procedures for generating keys to verify that strong keys are generated.
Reporting Instruction: Describe how the procedures for generating keys were observed to verify that strong keys are generated.
Requirement 3.6.2: Secure cryptographic key distribution.
(check one): ☐ In Place ☐ In Place w/ CCW ☐ N/A ☐ Not Tested ☐ Not in Place
Testing Procedure 3.6.2.a: Verify that key-management procedures specify how to securely distribute keys.
Reporting Instruction: Identify the documented key-management procedures examined to verify procedures specify how to securely distribute keys.
Assessor’s Response: Not Mentioned
Testing Procedure 3.6.2.b: Observe the method for distributing keys to verify that keys are distributed securely.
Reporting Instruction: Describe how the method for distributing keys was observed to verify that keys are distributed securely.
Requirement 3.6.3: Secure cryptographic key storage.
(check one): ☐ In Place ☐ In Place w/ CCW ☐ N/A ☐ Not Tested ☐ Not in Place
Testing Procedure 3.6.3.a: Verify that key-management procedures specify how to securely store keys.
Reporting Instruction: Identify the documented key-management procedures examined to verify procedures specify how to securely store keys.
Assessor’s Response: Not Mentioned
Testing Procedure 3.6.3.b: Observe the method for storing keys to verify that keys are stored securely.
Reporting Instruction: Describe how the method for storing keys was observed to verify that keys are stored securely.
Requirement 3.6.4: Cryptographic key changes for keys that have reached the end of their cryptoperiod (for example, after a defined period of time has passed and/or after a certain amount of cipher-text has been produced by a given key), as defined by the associated application vendor or key owner, and based on industry best practices and guidelines (for example, NIST Special Publication 800-57).
(check one): ☐ In Place ☐ In Place w/ CCW ☐ N/A ☐ Not Tested ☐ Not in Place
Testing Procedure 3.6.4.a: Verify that key-management procedures include a defined cryptoperiod for each key type in use and define a process for key changes at the end of the defined cryptoperiod(s).
Reporting Instruction: Identify the documented key-management procedures examined to verify procedures include a defined cryptoperiod for each key type in use and define a process for key changes at the end of the defined cryptoperiod(s).
Assessor’s Response: Not Mentioned
Testing Procedure 3.6.4.b: Interview personnel to verify that keys are changed at the end of the defined cryptoperiod(s).
Reporting Instruction: Identify the responsible personnel interviewed who confirm that keys are changed at the end of the defined cryptoperiod(s).
Requirement 3.6.5: Retirement or replacement (for example, archiving, destruction, and/or revocation) of keys as deemed necessary when the integrity of the key has been weakened (for example, departure of an employee with knowledge of a clear-text key component), or keys are suspected of being compromised.
(check one): ☐ In Place ☐ In Place w/ CCW ☐ N/A ☐ Not Tested ☐ Not in Place
Note: If retired or replaced cryptographic keys need to be retained, these keys must be securely archived (for example, by using a key-encryption key). Archived cryptographic keys should only be used for decryption/verification purposes.
Testing Procedure 3.6.5.a: Verify that key-management procedures specify processes for the following:
 • The retirement or replacement of keys when the integrity of the key has been weakened.
 • The replacement of known or suspected compromised keys.
 • Any keys retained after retiring or replacing are not used for encryption operations.
Reporting Instruction: Identify the documented key-management procedures examined to verify that key-management processes specify the following:
 • The retirement or replacement of keys when the integrity of the key has been weakened.
 • The replacement of known or suspected compromised keys.
 • Any keys retained after retiring or replacing are not used for encryption operations.
Assessor’s Response: Not Mentioned
Testing Procedure 3.6.5.b: Interview personnel to verify the following processes are implemented:
 • Keys are retired or replaced as necessary when the integrity of the key has been weakened, including when someone with knowledge of the key leaves the company.
 • Keys are replaced if known or suspected to be compromised.
 • Any keys retained after retiring or replacing are not used for encryption operations.
Reporting Instruction: Identify the responsible personnel interviewed who confirm that the following processes are implemented:
 • Keys are retired or replaced as necessary when the integrity of the key has been weakened, including when someone with knowledge of the key leaves the company.
 • Keys are replaced if known or suspected to be compromised.
 • Any keys retained after retiring or replacing are not used for encryption operations.
Requirement 3.6.6: If manual clear-text cryptographic key-management operations are used, these operations must be managed using split knowledge and dual control.
(check one): ☐ In Place ☐ In Place w/ CCW ☐ N/A ☐ Not Tested ☐ Not in Place
Note: Examples of manual key-management operations include, but are not limited to: key generation, transmission, loading, storage and destruction.
Testing Procedure 3.6.6.a: Verify that manual clear-text key-management procedures specify processes for the use of the following:
 • Split knowledge of keys, such that key components are under the control of at least two people who only have knowledge of their own key components; AND
 • Dual control of keys, such that at least two people are required to perform any key-management operations and no one person has access to the authentication materials (for example, passwords or keys) of another.
Reporting Instruction: Indicate whether manual clear-text cryptographic key-management operations are used. (yes/no)
If “no,” mark the remainder of 3.6.6.a and 3.6.6.b as “Not Applicable.”
If “yes,” complete 3.6.6.a and 3.6.6.b.
Identify the documented key-management procedures examined to verify that manual clear-text key-management procedures define processes for the use of the following:
 • Split knowledge of keys, such that key components are under the control of at least two people who only have knowledge of their own key components; AND
 • Dual control of keys, such that at least two people are required to perform any key-management operations and no one person has access to the authentication materials of another.
Assessor’s Response: Not Mentioned
Testing Procedure 3.6.6.b: Interview personnel and/or observe processes to verify that manual clear-text keys are managed with:
 • Split knowledge, AND
 • Dual control
Reporting Instruction: Identify the responsible personnel interviewed for this testing procedure, if applicable.
For the interview, summarize the relevant details discussed and/or describe how processes were observed to verify that manual clear-text keys are managed with:
 • Split knowledge
 • Dual control
Requirement 3.6.7: Prevention of unauthorized substitution of cryptographic keys.
(check one): ☐ In Place ☐ In Place w/ CCW ☐ N/A ☐ Not Tested ☐ Not in Place
Testing Procedure 3.6.7.a: Verify that key-management procedures specify processes to prevent unauthorized substitution of keys.
Reporting Instruction: Identify the documented key-management procedures examined to verify that key-management procedures specify processes to prevent unauthorized substitution of keys.
Assessor’s Response: Not Mentioned
Testing Procedure 3.6.7.b: Interview personnel and/or observe processes to verify that unauthorized substitution of keys is prevented.
Reporting Instruction: Identify the responsible personnel interviewed for this testing procedure, if applicable.
For the interview, summarize the relevant details discussed and/or describe how processes were observed to verify that unauthorized substitution of keys is prevented.
Requirement 3.6.8: Requirement for cryptographic key custodians to formally acknowledge that they understand and accept their key-custodian responsibilities.
(check one): ☐ In Place ☐ In Place w/ CCW ☐ N/A ☐ Not Tested ☐ Not in Place
Testing Procedure 3.6.8.a: Verify that key-management procedures specify processes for key custodians to acknowledge (in writing or electronically) that they understand and accept their key-custodian responsibilities.
Reporting Instruction: Identify the documented key-management procedures examined to verify that key-management procedures specify processes for key custodians to acknowledge that they understand and accept their key-custodian responsibilities.
Assessor’s Response: Not Mentioned
Testing Procedure 3.6.8.b: Observe documentation or other evidence showing that key custodians have acknowledged (in writing or electronically) that they understand and accept their key-custodian responsibilities.
Reporting Instruction: Describe how key custodian acknowledgements or other evidence were observed to verify that key custodians have acknowledged that they understand and accept their key-custodian responsibilities.
Requirement 3.7: Ensure that security policies and operational procedures for protecting stored cardholder data are documented, in use, and known to all affected parties.
(check one): ☐ In Place ☐ In Place w/ CCW ☐ N/A ☐ Not Tested ☐ Not in Place
Testing Procedure 3.7: Examine documentation and interview personnel to verify that security policies and operational procedures for protecting stored cardholder data are:
 • Documented,
 • In use, and
 • Known to all affected parties
Reporting Instruction: Identify the document reviewed to verify that security policies and operational procedures for protecting stored cardholder data are documented.
Identify the responsible personnel interviewed who confirm that the above documented security policies and operational procedures for protecting stored cardholder data are:
 • In use
 • Known to all affected parties
Assessor’s Response: Not Mentioned