|
|
|||||||
| [PCI-DSS] Requirement 3: Protect stored cardholder data Encryption is a critical component of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of protecting stored data should be considered as potential risk mitigation opportunities. For example, methods for minimizing risk include not storing cardholder data unless absolutely necessary, truncating cardholder data if full PAN is not needed, and not sending PAN in unencrypted e-mails. |
 |
|
|
Thread Tools | Search this Thread | Display Modes |
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [PA-DSS] 2.7 Securely delete any cryptographic key material or cryptogram stored by previous versions of the payment application, in accordance with industry-accepted standards for secure deletion, as defined, for example the list of approved products maintained by the National Security Agency, or by other State or National standards or regulations. These are cryptographic keys used to encrypt or verify cardholder data | admin | [PA-DSS] 2. Protect stored cardholder data | 0 | 03-18-2007 02:44 AM |
| [PA-DSS] 2.6 Payment application must implement key management processes and procedures for keys used for encryption of cardholder data | admin | [PA-DSS] 2. Protect stored cardholder data | 0 | 03-18-2007 02:44 AM |
[PCI-DSS] 3.6.1 Generation of strong cryptographic keys
Linear Mode
