[READ-ONLY] Archives [RETIRED] PA-DSS v.1.x Questions and Answers

[PA-DSS] 1. Do not retain full magnetic stripe, c Do not retain full magnetic stripe, card validation code or value (CAV2, CID, CVC2, CVV2), or PIN block data [PA-DSS] 2. Protect stored cardholder data Protect stored cardholder data [PA-DSS] 4. Log payment application activity Log payment application activity [PA-DSS] 7. Test payment applications to address v [PA-DSS] 9. Cardholder data must never be stored o Cardholder data must never be stored on a server connected to the Internet [PA-DSS] 13. Encrypt all non-console administrativ [PA-DSS] 11. Facilitate secure remote access to pa [PA-DSS] 14. Maintain instructional documentation Maintain instructional documentation and training programs for customers, resellers, and integrators. [PA-DSS] 8. Facilitate secure network implementati [PA-DSS] 10. Facilitate secure remote software upd [PA-DSS] 12. Encrypt sensitive traffic over public [PA-DSS] 5. Develop secure payment applications Develop secure payment applications [PA-DSS] 6. Protect wireless transmissions Protect wireless transmissions [PA-DSS] 3. Provide secure authentication features Provide secure authentication features

Topic	Replies	Views	Activity
About the [RETIRED] PA-DSS v.1.x Questions and Answers category [RETIRED] PA-DSS v.1.x Questions and Answers	0	36	January 23, 2023
[PA-DSS] 2.4 If disk encryption is used (rather than file- or column-level database encryption), log [PA-DSS] 2. Protect stored cardholder data	1	6854	November 11, 2013
[PA-DSS] 12.1 If the payment application sends, or facilitates sending, cardholder data over public [PA-DSS] 12. Encrypt sensitive traffic over public	1	13443	June 7, 2011
[PA-DSS] 3.3 Encrypt payment application passwords during transmission and storage, using strong cry [PA-DSS] 3. Provide secure authentication features	1	10479	August 30, 2010
[PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users) [PA-DSS] 5. Develop secure payment applications	1	2897	June 30, 2010
[PA-DSS] 2.5 Payment application must protect encryption keys used for encryption of cardholder dat [PA-DSS] 2. Protect stored cardholder data	8	7525	May 24, 2010
[PA-DSS] 14.2.1 Update the training materials on an annual basis and whenever new payment applicatio [PA-DSS] 14. Maintain instructional documentation	1	10012	February 2, 2010
[PA-DSS] 6.2 For payment applications using wireless technology, payment application must facilitate [PA-DSS] 6. Protect wireless transmissions	0	2423	March 18, 2007
[PA-DSS] 11.2 If the payment application may be accessed remotely, remote access to the payment appl [PA-DSS] 11. Facilitate secure remote access to pa	0	3808	March 18, 2007
[PA-DSS] 7.1 Software vendors must establish a process to identify newly discovered security vulnera [PA-DSS] 7. Test payment applications to address v	0	10587	March 18, 2007
[PA-DSS] 7.2 Software vendors must establish a process for timely development and deployment of secu [PA-DSS] 7. Test payment applications to address v	0	2301	March 18, 2007
[PA-DSS] 8.1 The payment application must be able to be implemented into a secure network environmen [PA-DSS] 8. Facilitate secure network implementati	0	10148	March 18, 2007
[PA-DSS] 14.1.2 Includes a review at least annually and updates to keep the documentation current wi [PA-DSS] 14. Maintain instructional documentation	0	1833	March 18, 2007
[PA-DSS] 10.1 If payment application updates are delivered via remote access into customers' systems [PA-DSS] 10. Facilitate secure remote software upd	0	11120	March 18, 2007
[PA-DSS] 13.1 Instruct customers to encrypt all non-console administrative access using technologies [PA-DSS] 13. Encrypt all non-console administrativ	0	10228	March 18, 2007
[PA-DSS] 14.1 Develop, maintain, and disseminate a PA-DSS Implementation Guide(s) for customers, res [PA-DSS] 14. Maintain instructional documentation	0	3077	March 18, 2007
[PA-DSS] 14.1.1 Addresses all requirements in this document wherever the PA-DSS Implementation Guide [PA-DSS] 14. Maintain instructional documentation	0	2212	March 18, 2007
[PA-DSS] 5.3.1 Documentation of impact [PA-DSS] 5. Develop secure payment applications	0	1643	March 18, 2007
[PA-DSS] 5.2.7 Broken authentication and session management (properly authenticate users and protect [PA-DSS] 5. Develop secure payment applications	0	2924	March 18, 2007
[PA-DSS] 5.2.8 Insecure cryptographic storage (prevent cryptographic flaws) [PA-DSS] 5. Develop secure payment applications	0	1802	March 18, 2007
[PA-DSS] 5.2.9 Insecure communications (properly encrypt all authenticated and sensitive communicat [PA-DSS] 5. Develop secure payment applications	0	1546	March 18, 2007
[PA-DSS] 5.2.10 Failure to restrict URL access (consistently enforce access control in presentation [PA-DSS] 5. Develop secure payment applications	0	1525	March 18, 2007
[PA-DSS] 5.3 Software vendor must follow change control procedures for all product software configur [PA-DSS] 5. Develop secure payment applications	0	1469	March 18, 2007
[PA-DSS] 5.3.2 Management sign-off by appropriate parties [PA-DSS] 5. Develop secure payment applications	0	1319	March 18, 2007
[PA-DSS] 9.1 The payment application must be developed such that the database server and web server [PA-DSS] 9. Cardholder data must never be stored o	0	10262	March 18, 2007
[PA-DSS] 11.3 If vendors, resellers/integrators, or customers can access customer's payment applicat [PA-DSS] 11. Facilitate secure remote access to pa	0	2378	March 18, 2007
[PA-DSS] 11.1 The payment application must not interfere with use of a two-factor authentication mec [PA-DSS] 11. Facilitate secure remote access to pa	0	11275	March 18, 2007
[PA-DSS] 5.3.3 Testing of operational functionality [PA-DSS] 5. Develop secure payment applications	0	1305	March 18, 2007
[PA-DSS] 5.3.4 Back-out or product de-installation procedures [PA-DSS] 5. Develop secure payment applications	0	1457	March 18, 2007
[PA-DSS] 5.4 The payment application must not use or require use of unnecessary and insecure servic [PA-DSS] 5. Develop secure payment applications	0	1717	March 18, 2007