Document Comparison
AOC-SAQ_A_EP-v3_2-rev1_1.pdf
→
AOC-SAQ-A-EP-v3-2-1-r2.pdf
92% similar
8 → 10
Pages
1881 → 1972
Words
4
Content Changes
Content Changes
4 content changes. 9 administrative changes (dates, page numbers) hidden.
Modified
p. 2 → 3
Section 1: Assessment Information Instructions for Submission This document must be completed as a declaration of the results of the merchant’s self-assessment with the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures (PCI DSS). Complete all sections: The merchant is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact acquirer (merchant bank) or the payment brands to determine reporting and submission procedures.
Section 1: Assessment Information Instructions for Submission This document must be completed as a declaration of the results of the merchant’s self-assessment with the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedures (PCI DSS). Complete all sections: The merchant is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact your acquirer (merchant bank) or the payment brands to determine reporting and submission procedures.
Modified
p. 3 → 4
Type of facility Number of facilities of this type Location(s) of facility (city, country) Example: Retail outlets 3 Boston, MA, USA Part 2d. Payment Application Does the organization use one or more Payment Applications? Yes No Provide the following information regarding the Payment Applications your organization uses:
Type of facility Number of facilities of this type Location(s) of facility (city, country) Example: Retail outlets 3 Boston, MA, USA
Modified
p. 3 → 5
Does your business use network segmentation to affect the scope of your PCI DSS environment? (Refer to “Network Segmentation” section of PCI DSS for guidance on network segmentation)
Does your business use network segmentation to affect the scope of your PCI DSS environment? (Refer to “Network Segmentation” section of PCI DSS for guidance on network segmentation) Part 2f. Third-Party Service Providers Does your company use a Qualified Integrator & Reseller (QIR)? Yes No Name of QIR Company:
Modified
p. 8 → 10
PCI DSS Requirement* Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters 3 Protect stored cardholder data 4 Encrypt transmission of cardholder data across open, public networks Protect all systems against malware and regularly update anti-virus software or programs 6 Develop and maintain secure systems …
PCI DSS Requirement* Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters 3 Protect stored cardholder data 4 Encrypt transmission of cardholder data across open, public networks Protect all systems against malware and regularly update anti-virus software or programs 6 Develop and maintain secure systems …