FAQs that have been removed from the PCI SSC website or have dead links.
The objective of PCI DSS Requirement 9.6.1 "Classify media so the sensitivity of the data can be determined," is to ensure that media is controlled and protected against inadvertent or …
Since the individual payment brands are responsible for their own PCI DSS compliance programs, organizations should follow each brand's specific compliance processes and procedures.
In general, it is expected that a company would have a policy and process for background checks, including their own decision process for which background check results would have an …
At a high level, adequate network segmentation isolates systems that store, process, or transmit cardholder data from those that do not. Network segmentation can be achieved through a number of …
Please visit www.pcisecuritystandards.org and download/complete the application for joining the Council. Once your application fee is received and your organization has been approved as a new Participating Organization, you will …
The PCI Security Standards Council will not list PCI DSS compliant service providers or merchants on its Web site, since each individual brand is responsible for managing their own PCI …
The term "remote access" refers to access to a computer network from a location outside of that network. Examples of remote access include access from the Internet, an "untrusted" network …
PCI DSS Requirement 3.3 states that PAN must be masked when displayed (the first six and last four digits are the maximum number of digits to be displayed) such that …
The intent of this requirement is to address the acceptability of disk encryption for rendering cardholder data unreadable. Disk encryption encrypts data stored on a computer's mass storage and automatically …
PCI DSS requirement 10.2.5 requires organizations to log the use of and changes to identification and authentication mechanisms. These mechanisms include activities such as creation of new accounts and elevation …
