- A.1 Protect each entity's (that is, merchant, service provider, or other entity) hosted environment and data, as in A.1.1 through A.1.4: A hosting provider must fulfill these requirements as well as all other relevant sections of the PCI DSS. Note: Even though a hosting provider may meet these requirements, the compliance of the entity that uses the hosting provider is not guaranteed. Each entity must comply with the PCI DSS and validate compliance as applicable.
- A.1.1 Ensure that each entity only has access to its own cardholder data environment.
- A.1.2 Restrict each entity's access and privileges to its own cardholder data environment only.
- A.1.3 Ensure logging and audit trails are enabled and unique to each entity's cardholder data environment and consistent with PCI DSS Requirement 10.
- A.1.4 Enable processes to provide for timely forensic investigation in the event of a compromise to any hosted merchant or service provider.