About the [RETIRED] PA-DSS v.1.x Questions and Answers category
|
|
0
|
36
|
January 23, 2023
|
[PA-DSS] 2.4 If disk encryption is used (rather than file- or column-level database encryption), log
|
|
1
|
6854
|
November 11, 2013
|
[PA-DSS] 12.1 If the payment application sends, or facilitates sending, cardholder data over public
|
|
1
|
13443
|
June 7, 2011
|
[PA-DSS] 3.3 Encrypt payment application passwords during transmission and storage, using strong cry
|
|
1
|
10479
|
August 30, 2010
|
[PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users)
|
|
1
|
2897
|
June 30, 2010
|
[PA-DSS] 2.5 Payment application must protect encryption keys used for encryption of cardholder dat
|
|
8
|
7525
|
May 24, 2010
|
[PA-DSS] 14.2.1 Update the training materials on an annual basis and whenever new payment applicatio
|
|
1
|
10012
|
February 2, 2010
|
[PA-DSS] 6.2 For payment applications using wireless technology, payment application must facilitate
|
|
0
|
2423
|
March 18, 2007
|
[PA-DSS] 11.2 If the payment application may be accessed remotely, remote access to the payment appl
|
|
0
|
3808
|
March 18, 2007
|
[PA-DSS] 7.1 Software vendors must establish a process to identify newly discovered security vulnera
|
|
0
|
10587
|
March 18, 2007
|
[PA-DSS] 7.2 Software vendors must establish a process for timely development and deployment of secu
|
|
0
|
2301
|
March 18, 2007
|
[PA-DSS] 8.1 The payment application must be able to be implemented into a secure network environmen
|
|
0
|
10148
|
March 18, 2007
|
[PA-DSS] 14.1.2 Includes a review at least annually and updates to keep the documentation current wi
|
|
0
|
1833
|
March 18, 2007
|
[PA-DSS] 10.1 If payment application updates are delivered via remote access into customers' systems
|
|
0
|
11120
|
March 18, 2007
|
[PA-DSS] 13.1 Instruct customers to encrypt all non-console administrative access using technologies
|
|
0
|
10228
|
March 18, 2007
|
[PA-DSS] 14.1 Develop, maintain, and disseminate a PA-DSS Implementation Guide(s) for customers, res
|
|
0
|
3077
|
March 18, 2007
|
[PA-DSS] 14.1.1 Addresses all requirements in this document wherever the PA-DSS Implementation Guide
|
|
0
|
2212
|
March 18, 2007
|
[PA-DSS] 5.3.1 Documentation of impact
|
|
0
|
1643
|
March 18, 2007
|
[PA-DSS] 5.2.7 Broken authentication and session management (properly authenticate users and protect
|
|
0
|
2924
|
March 18, 2007
|
[PA-DSS] 5.2.8 Insecure cryptographic storage (prevent cryptographic flaws)
|
|
0
|
1802
|
March 18, 2007
|
[PA-DSS] 5.2.9 Insecure communications (properly encrypt all authenticated and sensitive communicat
|
|
0
|
1546
|
March 18, 2007
|
[PA-DSS] 5.2.10 Failure to restrict URL access (consistently enforce access control in presentation
|
|
0
|
1525
|
March 18, 2007
|
[PA-DSS] 5.3 Software vendor must follow change control procedures for all product software configur
|
|
0
|
1469
|
March 18, 2007
|
[PA-DSS] 5.3.2 Management sign-off by appropriate parties
|
|
0
|
1319
|
March 18, 2007
|
[PA-DSS] 9.1 The payment application must be developed such that the database server and web server
|
|
0
|
10262
|
March 18, 2007
|
[PA-DSS] 11.3 If vendors, resellers/integrators, or customers can access customer's payment applicat
|
|
0
|
2378
|
March 18, 2007
|
[PA-DSS] 11.1 The payment application must not interfere with use of a two-factor authentication mec
|
|
0
|
11275
|
March 18, 2007
|
[PA-DSS] 5.3.3 Testing of operational functionality
|
|
0
|
1305
|
March 18, 2007
|
[PA-DSS] 5.3.4 Back-out or product de-installation procedures
|
|
0
|
1457
|
March 18, 2007
|
[PA-DSS] 5.4 The payment application must not use or require use of unnecessary and insecure servic
|
|
0
|
1717
|
March 18, 2007
|