Document Comparison

PCI_Card_Production_Logical_AOC_V1.pdf PCI_Card_Production_Logical_AOC_v3_2024.pdf
87% similar
8 → 9 Pages
1437 → 1492 Words
22 Content Changes

Content Changes

22 content changes. 7 administrative changes (dates, page numbers) hidden.

Added p. 4
• Was the review done onsite or remotely:

• If remotely, state the rationale:

• Reason why sub-requirement(s) were not applicable.

Non-Compliant due to Legal exception: One or more requirements are marked non-compliant as “Open” or “New” due to a legal restriction that prevents the requirement from being met. This option requires additional review from the payment brand.

Note: Contractual obligations or legal advice are not legal restrictions. If checked, complete the following:
Modified p. 3
Type of Assessment Annual Existing Vendor that added services Initial (New Vendor) Card Production Activities Assessed:
Type of Assessment Annual audit

• no change in activities
Existing location that added activities Initial (new facility) Card Production Activities Assessed:
Modified p. 3
Card (Mobile) Provisioning Activities Assessed:
Mobile Provisioning Activities Assessed:
Modified p. 3
Secure Element Provisioning Services Product/Solution Description Cloud-based (HCE) Provisioning Services Product/Solution Description Part 2c. Locations
Secure Element Provisioning Activities Product/Solution Description Cloud-based (HCE) Provisioning Activities Product/Solution Description
Modified p. 3 → 4
Identify date(s) spent onsite at the entity:
If applicable, identify date(s) spent onsite at the entity:
Modified p. 4 → 5
☐ Full

• The requirement and all sub-requirements of that requirement were assessed, and no sub-requirements were marked as “Not Applicable” in the ROC.
• The requirement and all sub-requirements of that requirement were assessed, and no sub- requirements were marked as “Not Applicable” in the ROC.
Modified p. 4 → 5
☐ Partial

• One or more sub-requirements of that requirement were marked as “Not Applicable” in the ROC.
• One or more sub-requirements of that requirement were marked as “Not Applicable” in the ROC.
Modified p. 4 → 5
☐ None

• All sub-requirements of that requirement were marked as “Not Applicable” in the ROC.
• All sub-requirements of that requirement were marked as “Not Applicable” in the ROC.
Modified p. 4 → 5
Details of specific sub-requirements that were marked as “Not Applicable” in the ROC ☐ Reason why sub-requirement(s) were not applicable
Details of specific sub-requirements that were marked as “Not Applicable” in the ROC
Modified p. 4 → 5
Section 2: Roles and Responsibilities
Section 1: Roles and Responsibilities
Modified p. 4 → 5
Section 3: Security Policy and Procedures
Section 2: Security Policy and Procedures
Modified p. 4 → 5
Section 4: Data Security
Section 3: Data Security
Modified p. 4 → 5
Section 5: Network Security
Section 4: Network Security
Modified p. 4 → 5
Section 6: System Security
Section 5: System Security
Modified p. 4 → 5
Section 7: User Management and System Access Control
Section 6: User Management and System Access Control
Modified p. 4 → 5
Section 8: Key Management: Secret Data
Section 7: Key Management: Secret Data
Modified p. 4 → 5
Section 9: Key Management: Confidential Data
Section 8: Key Management: Confidential Data
Modified p. 4 → 5
Section 10: PIN Distribution via Electronic Methods
Section 9: PIN Distribution via Electronic Methods
Removed p. 6
Compliant but with Legal exception: One or more requirements are marked “Not in Place” due to a legal restriction that prevents the requirement from being met. This option requires additional review from acquirer or payment brand.
Modified p. 6 → 7
Compliant: All sections of the PCI Card Production and Provisioning Logical Security ROC are complete, all questions answered affirmatively, resulting in an overall COMPLIANT rating; thereby (Card Prodcution and Provisioning Vendoir Company Name) has demonstrated full compliance with the PCI Card Production and Provisioning Logical Security Requirements.
Compliant: All sections of the PCI Card Production and Provisioning Logical Security ROC are complete, all questions answered affirmatively, resulting in an overall COMPLIANT rating; thereby (Card Production and Provisioning Vendor Company Name) has demonstrated full compliance with the PCI Card Production and Provisioning Logical Security Requirements.
Modified p. 6 → 7
Non-Compliant: Not all sections of the PCI Card Production and Provisioning Logical Security ROC are complete, or not all questions are answered affirmatively, resulting in an overall NON-COMPLIANT rating, thereby (Card Prodcution and Provisioning Vendor Company Name) has not demonstrated full compliance with the PCI Card Production and Provisioning Logical Security Requirements.
Non-Compliant: Not all sections of the PCI Card Production and Provisioning Logical Security ROC are complete, or not all questions are answered affirmatively, resulting in an overall NON-COMPLIANT rating, thereby (Card Production and Provisioning Vendor Company Name) has not demonstrated full compliance with the PCI Card Production and Provisioning Logical Security Requirements.
Modified p. 8 → 9
PCI Card Production Logical Section Description of Requirement Compliant to PCI Card Vendor Security Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) 2 Roles and Responsibilities 3 Security Policy and Procedures 4 Data Security 5 Network Security 6 System Security 7 User Management and System Access Control 8 Key Management: Secret Data 9 Key Management: Confidential Data 10 Electronic PIN Distribution
PCI Card Production and Provisioning Logical Section Description of Requirement Compliant to PCI Card Vendor Security Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) 1 Roles and Responsibilities 2 Security Policy and Procedures 3 Data Security 4 Network Security 5 System Security 6 User Management and System Access Control 7 Key Management: Secret Data 8 Key Management: Confidential Data 9 PIN Distribution via Electronic Methods