PCI Watch

Tracking changes across the Payment Card Industry

Document Comparison

PCI-DSS-v4-0-AOC-SAQ-D-Service-Provider-r2.pdf PCI-DSS-v4-0-1-AOC-for-SAQ-D-Service-Provider-r1.pdf
95% similar
12 → 12 Pages
2442 → 2524 Words
11 Content Changes

Content Changes

11 content changes. 12 administrative changes (dates, page numbers) hidden.

Added p. 12
Note: The PCI Security Standards Council is a global standards body that provides resources for payment security professionals developed collaboratively with our stakeholder community. Our materials are accepted in numerous compliance programs worldwide. Please check with your individual compliance-accepting organization to ensure that this form is acceptable in its program. For more information about PCI SSC and our stakeholder community please visit: https://www.pcisecuritystandards.org/about_us/.
Modified p. 5
Indicate whether the environment includes segmentation to reduce the scope of the assessment. (Refer to “Segmentation” section of PCI DSS for guidance on segmentation.) Part 2d. In-Scope Locations/Facilities List all types of physical locations/facilities⎯for example, corporate offices, data centers, call centers, and mail rooms⎯in scope for the PCI DSS assessment.
Indicate whether the environment includes segmentation to reduce the scope of the assessment. (Refer to “Segmentation” section of PCI DSS for guidance on segmentation.) Part 2d. In-Scope Locations/Facilities List all types of physical locations/facilities¾for example, corporate offices, data centers, call centers, and mail rooms¾in scope for the PCI DSS assessment.
Modified p. 6
Name of PCI SSC- validated Product or Version of Product or
Name of PCI SSC validated Product or Version of Product or
Modified p. 6
PCI SSC listing reference number Expiry date of listing (YYYY-MM-DD) For purposes of this document, ”Lists of Validated Products and Solutions” means the lists of validated products, solutions, and/or components appearing on the PCI SSC website (www.pcisecuritystandards.org)⎯for example, 3DS Software Development Kits, Approved PTS Devices, Validated Payment Software, Payment Applications (PA- DSS), Point to Point Encryption (P2PE) solutions, Software-Based PIN Entry on COTS (SPoC) solutions, and Contactless Payments on COTS (CPoC) solutions.
PCI SSC listing reference number Expiry date of listing (YYYY-MM-DD) ¨ For purposes of this document, ”Lists of Validated Products and Solutions” means the lists of validated products, solutions, and/or components, appearing on the PCI SSC website (www.pcisecuritystandards.org)¾for example, 3DS Software Development Kits, Approved PTS Devices, Validated Payment Software, Point to Point Encryption (P2PE) solutions, Software-Based PIN Entry on COTS (SPoC) solutions, Contactless Payments on COTS (CPoC) solutions, and Mobile Payments on COTS (MPoC) products.
Modified p. 7
• Manage system components included in the scope of the entity’s PCI DSS assessment⎯for example, via network security control services, anti-malware services, security incident and event management (SIEM), contact and call centers, web-hosting services, and IaaS, PaaS, SaaS, and FaaS cloud providers.
• Manage system components included in the scope of the entity’s PCI DSS assessment¾for example, via network security control services, anti-malware services, security incident and event management (SIEM), contact and call centers, web-hosting services, and IaaS, PaaS, SaaS, and FaaS cloud providers.
Modified p. 7
• Could impact the security of the entity’s CDE⎯for example, vendors providing support via remote access, and/or bespoke software developers.
• Could impact the security of the entity’s CDE¾for example, vendors providing support via remote access, and/or bespoke software developers.
Modified p. 10
Based on the results documented in the SAQ D noted above, each signatory identified in any of Parts 3b−3d, as applicable, assert(s) the following compliance status for the entity identified in Part 2 of this document.
Based on the results documented in the SAQ D noted above, each signatory identified in any of Parts 3b-3d, as applicable, assert(s) the following compliance status for the entity identified in Part 2 of this document.
Modified p. 11
PCI DSS Self-Assessment Questionnaire D, Version 4.0 was completed according to the instructions therein.
PCI DSS Self-Assessment Questionnaire D, Version 4.0.1, was completed according to the instructions therein.
Modified p. 11
Part 3b. Service Provider Attestation Signature of Service Provider Executive Officer Date: YYYY-MM-DD Service Provider Executive Officer Name: Title:
Part 3b. Service Provider Attestation Signature of Service Provider Executive Officer á Date: YYYY-MM-DD Service Provider Executive Officer Name: Title:
Modified p. 11
Signature of Lead QSA Date: YYYY-MM-DD Lead QSA Name:
Signature of Lead QSA á Date: YYYY-MM-DD Lead QSA Name:
Modified p. 11
Signature of Duly Authorized Officer of QSA Company Date: YYYY-MM-DD Duly Authorized Officer Name: QSA Company:
Signature of Duly Authorized Officer of QSA Company á Date: YYYY-MM-DD Duly Authorized Officer Name: QSA Company: