|
About the [RETIRED] PA-DSS v.1.x Questions and Answers category
|
|
0
|
93
|
January 23, 2023
|
|
[PA-DSS] 2.4 If disk encryption is used (rather than file- or column-level database encryption), log
|
|
1
|
6938
|
November 11, 2013
|
|
[PA-DSS] 12.1 If the payment application sends, or facilitates sending, cardholder data over public
|
|
1
|
13563
|
June 7, 2011
|
|
[PA-DSS] 3.3 Encrypt payment application passwords during transmission and storage, using strong cry
|
|
1
|
10558
|
August 30, 2010
|
|
[PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users)
|
|
1
|
2980
|
June 30, 2010
|
|
[PA-DSS] 2.5 Payment application must protect encryption keys used for encryption of cardholder dat
|
|
8
|
7659
|
May 24, 2010
|
|
[PA-DSS] 14.2.1 Update the training materials on an annual basis and whenever new payment applicatio
|
|
1
|
10087
|
February 2, 2010
|
|
[PA-DSS] 12.2 The payment application must never send unencrypted PANs by end-user messaging technol
|
|
0
|
3885
|
March 18, 2007
|
|
[PA-DSS] 5.2.10 Failure to restrict URL access (consistently enforce access control in presentation
|
|
0
|
1589
|
March 18, 2007
|
|
[PA-DSS] 14.2 Develop and implement training and communication programs to ensure payment applicatio
|
|
0
|
2286
|
March 18, 2007
|
|
[PA-DSS] 5.3.3 Testing of operational functionality
|
|
0
|
1363
|
March 18, 2007
|
|
[PA-DSS] 5.4 The payment application must not use or require use of unnecessary and insecure servic
|
|
0
|
1787
|
March 18, 2007
|
|
[PA-DSS] 11.3 If vendors, resellers/integrators, or customers can access customer's payment applicat
|
|
0
|
2485
|
March 18, 2007
|
|
[PA-DSS] 5.2.7 Broken authentication and session management (properly authenticate users and protect
|
|
0
|
2992
|
March 18, 2007
|
|
[PA-DSS] 5.2.9 Insecure communications (properly encrypt all authenticated and sensitive communicat
|
|
0
|
1593
|
March 18, 2007
|
|
[PA-DSS] 5.3.2 Management sign-off by appropriate parties
|
|
0
|
1383
|
March 18, 2007
|
|
[PA-DSS] 5.3 Software vendor must follow change control procedures for all product software configur
|
|
0
|
1533
|
March 18, 2007
|
|
[PA-DSS] 11.1 The payment application must not interfere with use of a two-factor authentication mec
|
|
0
|
11338
|
March 18, 2007
|
|
[PA-DSS] 5.3.1 Documentation of impact
|
|
0
|
1694
|
March 18, 2007
|
|
[PA-DSS] 10.1 If payment application updates are delivered via remote access into customers' systems
|
|
0
|
11173
|
March 18, 2007
|
|
[PA-DSS] 9.1 The payment application must be developed such that the database server and web server
|
|
0
|
10320
|
March 18, 2007
|
|
[PA-DSS] 11.2 If the payment application may be accessed remotely, remote access to the payment appl
|
|
0
|
3864
|
March 18, 2007
|
|
[PA-DSS] 8.1 The payment application must be able to be implemented into a secure network environmen
|
|
0
|
10203
|
March 18, 2007
|
|
[PA-DSS] 6.2 For payment applications using wireless technology, payment application must facilitate
|
|
0
|
2479
|
March 18, 2007
|
|
[PA-DSS] 5.3.4 Back-out or product de-installation procedures
|
|
0
|
1511
|
March 18, 2007
|
|
[PA-DSS] 14.1.2 Includes a review at least annually and updates to keep the documentation current wi
|
|
0
|
1900
|
March 18, 2007
|
|
[PA-DSS] 7.1 Software vendors must establish a process to identify newly discovered security vulnera
|
|
0
|
10641
|
March 18, 2007
|
|
[PA-DSS] 14.1.1 Addresses all requirements in this document wherever the PA-DSS Implementation Guide
|
|
0
|
2304
|
March 18, 2007
|
|
[PA-DSS] 13.1 Instruct customers to encrypt all non-console administrative access using technologies
|
|
0
|
10285
|
March 18, 2007
|
|
[PA-DSS] 14.1 Develop, maintain, and disseminate a PA-DSS Implementation Guide(s) for customers, res
|
|
0
|
3126
|
March 18, 2007
|