[PCI-DSS] Requirement 3: Protect stored cardholder data - PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum

		PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum > Payment Card Industry Data Security Standard Frequently Asked Questions (PCI DSS FAQ) > Protect Cardholder Data
[PCI-DSS] Requirement 3: Protect stored cardholder data

[PCI-DSS] Requirement 3: Protect stored cardholder data Encryption is a critical component of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of protecting stored data should be considered as potential risk mitigation opportunities. For example, methods for minimizing risk include not storing cardholder data unless absolutely necessary, truncating cardholder data if full PAN is not needed, and not sending PAN in unencrypted e-mails.

Threads in Forum : [PCI-DSS] Requirement 3: Protect stored cardholder data

Forum Tools

Search this Forum

Rating Thread / Thread Starter	Last Post	Replies	Views
[PCI-DSS] 3.1 Keep cardholder data storage to a minimum. Develop a data retention and disposal policy. Limit storage amount and retention time to that which is required for business, legal, and/or regulatory purposes, as documented in the data retention policy. admin	03-18-2007 03:51 AM by admin	0	932
[PCI-DSS] 3.2 Do not store sensitive authentication data after authorization (even if encrypted). admin	03-18-2007 03:52 AM by admin	0	692
[PCI-DSS] 3.2.1 Do not store the full contents of any track from the magnetic stripe (located on the back of a card, contained in a chip, or elsewhere). This data is alternatively called full track, track, track 1, track 2, and magnetic-stripe data. admin	03-18-2007 03:52 AM by admin	0	536
[PCI-DSS] 3.2.2 Do not store the card-verification code or value (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions. admin	08-03-2009 06:49 AM by Lemnik	1	875
[PCI-DSS] 3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block. admin	03-18-2007 03:53 AM by admin	0	484
[PCI-DSS] 3.3 Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed). admin	03-18-2007 03:53 AM by admin	0	2,119
[PCI-DSS] 3.4 Render PAN, at minimum, unreadable anywhere it is stored (including on portable digital media, backup media, in logs) by using any of the following approaches: admin	01-25-2010 12:23 PM by EmmaJenkinsVeritape	5	3,142
[PCI-DSS] 3.4.1 If disk encryption is used (rather than file- or column-level database encryption), logical access must be managed independently of native operating system access control mechanisms (for example, by not using local user account databases). Decryption keys must not be tied to user accounts. ( 1 2) admin	08-09-2008 11:57 AM by tim_holman	12	2,342
[PCI-DSS] 3.5 Protect cryptographic keys used for encryption of cardholder data against both disclosure and misuse: admin	03-23-2009 02:31 AM by nambiarenator	1	635
[PCI-DSS] 3.5.1 Restrict access to cryptographic keys to the fewest number of custodians necessary. admin	03-18-2007 03:54 AM by admin	0	434
[PCI-DSS] 3.5.2 Store cryptographic keys securely in the fewest possible locations and forms. admin	03-18-2007 03:55 AM by admin	0	615
[PCI-DSS] 3.6 Fully document and implement all key-management processes and procedures for cryptographic keys used for encryption of cardholder data, including the following: admin	03-18-2007 03:55 AM by admin	0	585
[PCI-DSS] 3.6.1 Generation of strong cryptographic keys admin	03-18-2007 03:55 AM by admin	0	494
[PCI-DSS] 3.6.2 Secure cryptographic key distribution admin	03-18-2007 03:56 AM by admin	0	653
[PCI-DSS] 3.6.3 Secure cryptographic key storage admin	03-18-2007 03:56 AM by admin	0	951
[PCI-DSS] 3.6.4 Periodic cryptographic key changes admin	04-22-2009 10:59 AM by randyb	1	959
[PCI-DSS] 3.6.5 Retirement or replacement of old or suspected compromised cryptographic keys admin	03-18-2007 03:57 AM by admin	0	463
[PCI-DSS] 3.6.6 Split knowledge and establishment of dual control of cryptographic keys admin	03-18-2007 03:57 AM by admin	0	1,188
[PCI-DSS] 3.6.7 Prevention of unauthorized substitution of cryptographic keys admin	03-18-2007 03:57 AM by admin	0	493
[PCI-DSS] 3.6.8 Requirement for cryptographic key custodians to sign a form stating that they understand and accept their key-custodian responsibilities admin	03-18-2007 03:58 AM by admin	0	519

Forum Tools	Search this Forum
Mark This Forum Read View Parent Forum	Search this Forum : Advanced Search

	New posts		Hot thread with new posts
	No new posts		Hot thread with no new posts
	Thread is closed

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off

All times are GMT -4. The time now is 01:14 AM.