Document Comparison
PCI_Card_Production_Logical_AOC_v3.0.2.pdf
→
PCI_Card_Production_Logical_AOC_v3.0.3.pdf
89% similar
9 → 9
Pages
1495 → 1508
Words
17
Content Changes
Content Changes
17 content changes. 8 administrative changes (dates, page numbers) hidden.
Added
p. 2
Payment Brand Identification Code:
Start date: YYYY-MM-DD Completion date: YYYY-MM-DD
Start date: YYYY-MM-DD Completion date: YYYY-MM-DD
Modified
p. 2
Section 1: Assessment Information Instructions for Submission This Attestation of Compliance must be completed as a declaration of the results of the card vendor’s assessment with the Payment Card Industry Card Production and Provisioning Logical Security Requirements (PCI CPPLSR). Complete all sections: The card vendor is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the requesting payment brand for reporting and submission procedures.
Section 1: Assessment Information Instructions for Submission This Attestation of Compliance must be completed by the assessor as a declaration of the results of the card vendor’s assessment with the Payment Card Industry Card Production and Provisioning Logical Security Requirements (PCI CPPLSR). All sections must be completed. The assessor is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the requesting payment brand for reporting and submission procedures.
Modified
p. 2
Part 1b. Card Production Security Assessor Company Information (if applicable) Company Name:
Part 1b. Card Production Security Assessor Company Information Company Name:
Modified
p. 3
Type of Assessment Annual audit
• no change in activities Existing location that added activities Initial (new facility) Card Production Activities Assessed:
• no change in activities Existing location that added activities Initial (new facility) Card Production Activities Assessed:
Type of Assessment Annual audit
• no change in activities Existing location that added or removed activities Initial (new facility) Card Production Activities Assessed:
• no change in activities Existing location that added or removed activities Initial (new facility) Card Production Activities Assessed:
Removed
p. 4
Start date (yyyy/mm/dd):
Completion date (yyyy/mm/dd):
Completion date (yyyy/mm/dd):
Modified
p. 4
• Date of Report (yyyy/mm/dd):
• Date of Report: YYYY-MM-DD
Modified
p. 4
Start date (yyyy/mm/dd): Completion date (yyyy/mm/dd):
Start date: YYYY-MM-DD Completion date: YYYY-MM-DD
Modified
p. 5
• The requirement and all sub-requirements of that requirement were assessed, and no sub- requirements were marked as “Not Applicable” in the ROC.
• The requirement and all sub-requirements of that requirement were assessed, and no sub-requirements were marked as “Not Applicable” in the ROC.
Modified
p. 5
• Details of specific sub-requirements that were marked as “Not Applicable” in the ROC
• Details of specific sub-requirements that were marked as “Not Applicable” in the ROC.
Modified
p. 5
PCI Card Production and Provisioning Logical Security Details of Requirements Assessed Full Partial None Justification for Approach (Required for all “Partial” and “None” responses. Identify which sub- requirements were not applicable and the reason.)
PCI Card Production and Provisioning Logical Security Details of Requirements Assessed Full Partial None Justification for Approach (Required for all “Partial” and “None” responses. Identify which sub-requirements were not applicable and the reason.)
Modified
p. 6
The assessment documented in this attestation and in the ROC was completed on:
The assessment documented in this attestation and in the ROC was completed on: YYYY-MM-DD Were any requirements in the ROC identified as being not applicable (N/A)? Yes No Were any requirements not tested? Yes No Were any requirements in the ROC unable to be met due to a legal constraint? Yes No
Removed
p. 7
I have read the PCI Card Production and Provisioning Logical Security Requirements and I recognize that I must maintain PCI Card Production Security Requirements compliance, as applicable to my environment, at all times.
Modified
p. 7
Affected Requirement Details of how legal constraint prevents requirement being met Part 3a. Acknowledgement of Status Signatory(s) confirms:
Affected Requirement Details of how legal constraint prevents requirement from being met
Modified
p. 7 → 8
Date: YYYY-MM-DD Part 3b. Security Assessor Attestation The ROC was completed according to the PCI Card Production and Provisioning Logical Security Requirements, Version (version number), and was completed according to the instructions therein.
Removed
p. 8
Part 3c. Security Assessor Acknowledgement (if applicable) If a Security Assessor was involved or assisted with this assessment, describe the role performed:
Modified
p. 8
Signature of Assessor Date:
Signature of Assessor Date: YYYY-MM-DD Assessor Name: Assessor Company:
Modified
p. 9
PCI Card Production and Provisioning Logical Section Description of Requirement Compliant to PCI Card Vendor Security Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) 1 Roles and Responsibilities 2 Security Policy and Procedures 3 Data Security 4 Network Security 5 System Security 6 User Management and System Access Control 7 Key Management: Secret Data 8 Key Management: Confidential Data 9 PIN Distribution via Electronic Methods
PCI Card Production and Provisioning Logical Section Description of Requirement Compliant to PCI Card Production and Provisioning Security Requirements (Select One) Remediation Date and Actions (If “NO” selected for any requirement) 1 Roles and Responsibilities 2 Security Policy and Procedures 3 Data Security 4 Network Security 5 System Security 6 User Management and System Access Control 7 Key Management: Secret Data 8 Key Management: Confidential Data 9 PIN Distribution via Electronic Methods