The PCI P2PE Standard and Program require the use of a PTS-approved (non-expired) point-of-interaction (POI) device, which has been evaluated and approved via the PCI PTS program with SRED (secure …
Network segmentation, that is, isolating (segmenting) the cardholder data environment from the remainder of an entity's network, is strongly recommended as a method that may reduce the scope of a …
Compliance validation programs are managed by the individual payment brands, not by the PCI Security Standards Council. Payment brand validation programs may include whether certain applications must be PA-DSS validated, …
To minimize changes to the standards, the PCI Security Standards Council (PCI SSC) has established a lifecycle approach for PCI DSS and PA-DSS, where version changes to the standards will …
The objective of PCI DSS Requirement 9.6.1, "Classify media so the sensitivity of the data can be determined," is to ensure that media is controlled and protected against inadvertent or …
The intent of this requirement is to address the acceptability of disk encryption for rendering cardholder data unreadable. Disk encryption encrypts data stored on a computer's mass storage and automatically …
The term "two-factor" was replaced with the term "multi-factor" in several requirements in PCI DSS v3.2 (Requirements 8.3, 8.3.1, 8.3.2, and 8.5.1). The intent of this change was to use …
PCI DSS requirement 10.2.5 requires organizations to log the use of and changes to identification and authentication mechanisms. These mechanisms include activities such as creation of new accounts and elevation …
In general, it is expected that a company would have a policy and process for background checks, including their own decision process for which background check results would have an …
Application version numbers may consist of any combination of alphanumeric characters to create a unique version, discernible from other versions of that payment application, based on the vendor's versioning methodology. …