Document Comparison
PCI-DSS-v4-0-AOC-for-SAQ-B-IP-r1.pdf
→
PCI-DSS-v4-0-AOC-for-SAQ-B-IP-r2.pdf
97% similar
11 → 11
Pages
2164 → 2179
Words
5
Content Changes
Content Changes
5 content changes. 9 administrative changes (dates, page numbers) hidden.
Modified
p. 4
Facility Type Total number of locations (How many locations of this type are in scope) Location(s) of facility (city, country) Example: Data centers 3 Boston, MA, USA Part 2e. PCI SSC Validated Products and Solutions Does the merchant use any item identified on any PCI SSC Lists of Validated Products and Solutions♦? Provide the following information regarding each item the merchant uses from PCI SSC’s Lists of Validated Products and Solutions.
Facility Type Total number of locations (How many locations of this type are in scope) Location(s) of facility (city, country) Example: Data centers 3 Boston, MA, USA Part 2e. PCI SSC Validated Products and Solutions Does the merchant use any item identified on any PCI SSC Lists of Validated Products and Solutions? Provide the following information regarding each item the merchant uses from PCI SSC’s Lists of Validated Products and Solutions.
Modified
p. 4
PCI SSC listing reference number Expiry date of listing (YYYY-MM-DD) ♦ For purposes of this document, ”Lists of Validated Products and Solutions” means the lists of validated products, solutions, and/or components appearing on the PCI SSC website (www.pcisecuritystandards.org)for example, 3DS Software Development Kits, Approved PTS Devices, Validated Payment Software, Payment Applications (PA-DSS), Point to Point Encryption (P2PE) solutions, Software-Based PIN Entry on COTS (SPoC) solutions, and Contactless Payments on COTS (CPoC) solutions.
PCI SSC listing reference number Expiry date of listing (YYYY-MM-DD) For purposes of this document, ”Lists of Validated Products and Solutions” means the lists of validated products, solutions, and/or components appearing on the PCI SSC website (www.pcisecuritystandards.org)⎯for example, 3DS Software Development Kits, Approved PTS Devices, Validated Payment Software, Payment Applications (PA-DSS), Point to Point Encryption (P2PE) solutions, Software-Based PIN Entry on COTS (SPoC) solutions, and Contactless Payments on COTS (CPoC) solutions.
Modified
p. 5
• Manage system components included in the scope of the merchant’s PCI DSS assessmentfor example, via network security control services, anti-malware services, security incident and event management (SIEM), contact and call centers, web-hosting services, and IaaS, PaaS, SaaS, and FaaS cloud providers.
• Manage system components included in the scope of the merchant’s PCI DSS assessment⎯for example, via network security control services, anti-malware services, security incident and event management (SIEM), contact and call centers, web-hosting services, and IaaS, PaaS, SaaS, and FaaS cloud providers.
Modified
p. 7
The merchant uses only standalone, PCI-listed approved PTS point-of-interaction (POI) devices (excludes SCRs and SCRPs) connected via IP to merchant’s payment processor to take customers’ payment card information; The standalone IP-connected POI devices are validated to the PTS POI program as listed on the PCI SSC website (excludes SCRs and SCRPs); The standalone IP-connected POI devices are not connected to any other systems within the merchant environment (this can be achieved via network segmentation to isolate POI devices from other …
The merchant uses only standalone, PCI-listed approved PTS point-of-interaction (POI) devices (excludes SCRs and SCRPs) connected via IP to merchant’s payment processor to take customers’ payment card information; The standalone IP-connected POI devices are validated to the PTS POI program as listed on the PCI SSC website (excludes SCRs and SCRPs); The standalone IP-connected POI devices are not connected to any other systems within the merchant environment (this can be achieved via network segmentation to isolate POI devices from other …
Modified
p. 11
PCI DSS Requirement* Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO 1 Install and maintain network security controls 2 Apply secure configurations to all system components 3 Protect stored account data 6 Develop and maintain secure systems and software Restrict access to system components and cardholder data by business need to know 8 Identify users and authenticate access to system components 9 Restrict physical access to …
PCI DSS Requirement* Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO 1 Install and maintain network security controls 2 Apply secure configurations to all system components 3 Protect stored account data Protect cardholder data with strong cryptography during transmission over open, public networks 6 Develop and maintain secure systems and software Restrict access to system components and cardholder data by business need to know 8 Identify …