Document Comparison

PCI-DSS-v4-0-ROC-AOC-Merchants-r1.pdf → PCI-DSS-v4-0-1-ROC-AOC-Merchants.pdf
94% similar
11 → 11 Pages
2196 → 2244 Words
12 Content Changes

Content Changes

12 content changes. 8 administrative changes (dates, page numbers) hidden.

Added p. 2
Date Assessment Ended:
Added p. 11
Note: The PCI Security Standards Council is a global standards body that provides resources for payment security professionals developed collaboratively with our stakeholder community. Our materials are accepted in numerous compliance programs worldwide. Please check with your individual compliance accepting organization to ensure that this form is acceptable in their program. For more information about PCI SSC and our stakeholder community please visit: https://www.pcisecuritystandards.org/about_us/
Modified p. 2
PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Merchants Entity Name:
PCI DSS v4.0.1 Attestation of Compliance for Report on Compliance - Merchants Entity Name:
Modified p. 3
Section 1 Assessment Information Instructions for Submission This Attestation of Compliance (AOC) must be completed as a declaration of the results of the merchant’s assessment against the Payment Card Industry Data Security Standard (PCI DSS) Requirements and Testing Procedures (“Assessment”). Complete all sections. The merchant is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the entity(ies) to which this AOC will be submitted for reporting and submission procedures.
Section 1: Assessment Information Instructions for Submission This Attestation of Compliance (AOC) must be completed as a declaration of the results of the merchant’s assessment against the Payment Card Industry Data Security Standard (PCI DSS) Requirements and Testing Procedures (“Assessment”). Complete all sections. The merchant is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the entity(ies) to which this AOC will be submitted for reporting and submission procedures.
Modified p. 4
Part 2b. Description of Role with Payment Cards (ROC Section 2.1) For each payment channel included in this Assessment as selected in Part 2a above, describe how the business stores, processes, and/or transmits account data.
Part 2b. Description of Role with Payment Cards (ROC Sections 2.1 and 3.1) For each payment channel included in this Assessment as selected in Part 2a above, describe how the business stores, processes, and/or transmits account data.
Modified p. 5
Name of PCI SSC- Validated Product or Version of Product or
Name of PCI SSC Validated Product or Version of Product or
Modified p. 5
PCI SSC Listing Expiry Date of YYYY-MM-DD YYYY-MM-DD YYYY-MM-DD YYYY-MM-DD YYYY-MM-DD YYYY-MM-DD * For purposes of this document, ”Lists of Validated Products and Solutions” means the lists of validated products, solutions, and/or components, appearing on the PCI SSC website (www.pcisecuritystandards.org) (for example, 3DS Software Development Kits, Approved PTS Devices, Validated Payment Software, Payment Applications (PA-DSS), Point to Point Encryption (P2PE) solutions, Software-Based PIN Entry on COTS (SPoC) solutions, and Contactless Payments on COTS (CPoC) solutions).
PCI SSC Listing Expiry Date of YYYY-MM-DD YYYY-MM-DD YYYY-MM-DD YYYY-MM-DD YYYY-MM-DD YYYY-MM-DD * For purposes of this document, ”Lists of Validated Products and Solutions” means the lists of validated products, solutions, and/or components, appearing on the PCI SSC website (www.pcisecuritystandards.org) (for example, 3DS Software Development Kits, Approved PTS Devices, Validated Payment Software, Point to Point Encryption (P2PE) solutions, Software-Based PIN Entry on COTS (SPoC) solutions, Contactless Payments on COTS (CPoC) solutions), and Mobile Payments on COTS (MPoC) products.
Modified p. 7
PCI DSS Requirement Requirement Finding More than one response may be selected for a given requirement. Indicate all responses that apply.
PCI DSS Requirement Requirement Finding More than one response may be selected for a given requirement.
Modified p. 7
Select If Below Method(s) In Place Not Applicable Not Tested Not In Customized Compensating
Select If a Compensating Control(s) Was Used In Place Not Applicable Not Tested Not In Place
Removed p. 8
• Examine documentation Yes No

• Interview personnel Yes No

• Examine/observe live data Yes No

• Observe process being performed Yes No

• Observe physical environment Yes No

• Interactive testing Yes No
Modified p. 8
Section 2 Report on Compliance (ROC Sections 1.2 and 1.3.2) Date Assessment began: Note: This is the first date that evidence was gathered, or observations were made.
Section 2 Report on Compliance (ROC Sections 1.2 and 1.3) Date Assessment began: Note: This is the first date that evidence was gathered, or observations were made.
Modified p. 8
YYYY-MM-DD Were any requirements in the ROC unable to be met due to a legal constraint? Yes No Were any testing activities performed remotely? If yes, for each testing activity below, indicate whether remote assessment activities were performed:
YYYY-MM-DD Were any requirements in the ROC unable to be met due to a legal constraint? Yes No Were any testing activities performed remotely? Yes No