FAQs that have been removed from the PCI SSC website or have dead links.
Since the individual payment brands are responsible for their own PCI DSS compliance programs, organizations should follow each brand's specific compliance processes and procedures.
Without proper network segmentation to isolate the systems that store, process or transmit cardholder data from those that do not, all system components in that network are considered part of …
No. In order to meet PA-DSS and PCI DSS requirements, the payment application must facilitate the customers' ability to perform key changes periodically and as required by the customer in …
No. If cryptographic keys are provided by the application vendor as part of the application, the keys must be unique to each customer or installation. An application that requires the …
PCI DSS applies to entities involved in payment card processing or that otherwise store, process, or transmit cardholder data; the Payment Application Data Security Standard (PA-DSS) applies to payment applications …
The PCI DSS is a global standard and is applicable to all entities that process, transmit or store cardholder data regardless of geographic location. Each payment brand manages their PCI …
The objective of PCI DSS Requirement 9.6.1 “Classify media so the sensitivity of the data can be determined,” is to ensure that media is controlled and protected against inadvertent or …
In general, it is expected that a company would have a policy and process for background checks, including their own decision process for which background check results would have an …
At a high level, adequate network segmentation isolates systems that store, process, or transmit cardholder data from those that do not. Network segmentation can be achieved through a number of …
The PA-DSS details the requirements a payment application must meet in order to facilitate a customer’s PCI DSS compliance. PA-DSS validated payment applications, when implemented in a PCI DSS-compliant environment, …
