Document Comparison
AOC_SAQ_A-EP_v3-1_rev1-1.pdf
→
AOC-SAQ_A_EP-v3_2.pdf
94% similar
8 → 8
Pages
1822 → 1878
Words
9
Content Changes
Content Changes
9 content changes. 6 administrative changes (dates, page numbers) hidden.
Added
p. 6
Section 3: Validation and Attestation Details Part 3. PCI DSS Validation This AOC is based on results noted in SAQ A-EP (Section 2), dated (SAQ completion date).
Modified
p. 1
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire A-EP For use with PCI DSS Version 3.1 Revision 1.1
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire A-EP For use with PCI DSS Version 3.2
Removed
p. 2
ISA Name(s) (if applicable): Title:
Modified
p. 4
Merchant accepts only e-commerce transactions; All processing of cardholder data, with the exception of the payment page, is entirely outsourced to a PCI DSS validated third-party payment processor; Merchant’s e-commerce website does not receive cardholder data but controls how consumers, or their cardholder data, are redirected to a PCI DSS validated third-party payment processor; If merchant website is hosted by a third-party provider, the provider is validated to all applicable PCI DSS requirements (e.g., including PCI DSS Appendix A if …
Merchant accepts only e-commerce transactions; All processing of cardholder data, with the exception of the payment page, is entirely outsourced to a PCI DSS validated third-party payment processor; Merchant’s e-commerce website does not receive cardholder data but controls how consumers, or their cardholder data, are redirected to a PCI DSS validated third-party payment processor; If merchant website is hosted by a third-party provider, the provider is validated to all applicable PCI DSS requirements (e.g., including PCI DSS Appendix A if …
Modified
p. 6
Based on the results documented in the SAQ A-EP noted above, the signatories identified in Parts 3b-3d, as applicable, assert(s) the following compliance status for the entity identified in Part 2 of this document (check one):
Removed
p. 7
Signature of ISA Date:
Modified
p. 7
Part 3c. QSA Acknowledgement (if applicable) If a QSA was involved or assisted with this assessment, describe the role performed:
Part 3c. Qualified Security Assessor (QSA) Acknowledgement (if applicable) If a QSA was involved or assisted with this assessment, describe the role performed:
Modified
p. 7
Part 3d. ISA Acknowledgement (if applicable) If a ISA was involved or assisted with this assessment, describe the role performed:
Part 3d. Internal Security Assessor (ISA) Involvement (if applicable) If an ISA(s) was involved or assisted with this assessment, identify the ISA personnel and describe the role performed:
Modified
p. 8
PCI DSS Requirement* Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters 3 Protect stored cardholder data 4 Encrypt transmission of cardholder data across open, public networks Protect all systems against malware and regularly update anti- virus software or programs 6 Develop and maintain secure …
PCI DSS Requirement* Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters 3 Protect stored cardholder data 4 Encrypt transmission of cardholder data across open, public networks Protect all systems against malware and regularly update anti-virus software or programs 6 Develop and maintain secure systems …