[READ-ONLY] Archives [RETIRED] PA-DSS v.1.x Questions and Answers

[PA-DSS] 1. Do not retain full magnetic stripe, c Do not retain full magnetic stripe, card validation code or value (CAV2, CID, CVC2, CVV2), or PIN block data [PA-DSS] 2. Protect stored cardholder data Protect stored cardholder data [PA-DSS] 4. Log payment application activity Log payment application activity [PA-DSS] 7. Test payment applications to address v [PA-DSS] 9. Cardholder data must never be stored o Cardholder data must never be stored on a server connected to the Internet [PA-DSS] 13. Encrypt all non-console administrativ [PA-DSS] 11. Facilitate secure remote access to pa [PA-DSS] 14. Maintain instructional documentation Maintain instructional documentation and training programs for customers, resellers, and integrators. [PA-DSS] 8. Facilitate secure network implementati [PA-DSS] 10. Facilitate secure remote software upd [PA-DSS] 12. Encrypt sensitive traffic over public [PA-DSS] 5. Develop secure payment applications Develop secure payment applications [PA-DSS] 6. Protect wireless transmissions Protect wireless transmissions [PA-DSS] 3. Provide secure authentication features Provide secure authentication features

Topic	Replies	Views	Activity
About the [RETIRED] PA-DSS v.1.x Questions and Answers category [RETIRED] PA-DSS v.1.x Questions and Answers	0	65	January 23, 2023
[PA-DSS] 2.4 If disk encryption is used (rather than file- or column-level database encryption), log [PA-DSS] 2. Protect stored cardholder data	1	6888	November 11, 2013
[PA-DSS] 12.1 If the payment application sends, or facilitates sending, cardholder data over public [PA-DSS] 12. Encrypt sensitive traffic over public	1	13504	June 7, 2011
[PA-DSS] 3.3 Encrypt payment application passwords during transmission and storage, using strong cry [PA-DSS] 3. Provide secure authentication features	1	10509	August 30, 2010
[PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users) [PA-DSS] 5. Develop secure payment applications	1	2954	June 30, 2010
[PA-DSS] 2.5 Payment application must protect encryption keys used for encryption of cardholder dat [PA-DSS] 2. Protect stored cardholder data	8	7547	May 24, 2010
[PA-DSS] 14.2.1 Update the training materials on an annual basis and whenever new payment applicatio [PA-DSS] 14. Maintain instructional documentation	1	10045	February 2, 2010
[PA-DSS] 12.2 The payment application must never send unencrypted PANs by end-user messaging technol [PA-DSS] 12. Encrypt sensitive traffic over public	0	3841	March 18, 2007
[PA-DSS] 5.2.10 Failure to restrict URL access (consistently enforce access control in presentation [PA-DSS] 5. Develop secure payment applications	0	1565	March 18, 2007
[PA-DSS] 5.3.2 Management sign-off by appropriate parties [PA-DSS] 5. Develop secure payment applications	0	1355	March 18, 2007
[PA-DSS] 5.3.1 Documentation of impact [PA-DSS] 5. Develop secure payment applications	0	1672	March 18, 2007
[PA-DSS] 5.2.8 Insecure cryptographic storage (prevent cryptographic flaws) [PA-DSS] 5. Develop secure payment applications	0	1831	March 18, 2007
[PA-DSS] 5.2.7 Broken authentication and session management (properly authenticate users and protect [PA-DSS] 5. Develop secure payment applications	0	2960	March 18, 2007
[PA-DSS] 5.3 Software vendor must follow change control procedures for all product software configur [PA-DSS] 5. Develop secure payment applications	0	1498	March 18, 2007
[PA-DSS] 5.4 The payment application must not use or require use of unnecessary and insecure servic [PA-DSS] 5. Develop secure payment applications	0	1751	March 18, 2007
[PA-DSS] 14.1 Develop, maintain, and disseminate a PA-DSS Implementation Guide(s) for customers, res [PA-DSS] 14. Maintain instructional documentation	0	3101	March 18, 2007
[PA-DSS] 5.2.9 Insecure communications (properly encrypt all authenticated and sensitive communicat [PA-DSS] 5. Develop secure payment applications	0	1571	March 18, 2007
[PA-DSS] 7.2 Software vendors must establish a process for timely development and deployment of secu [PA-DSS] 7. Test payment applications to address v	0	2332	March 18, 2007
[PA-DSS] 7.1 Software vendors must establish a process to identify newly discovered security vulnera [PA-DSS] 7. Test payment applications to address v	0	10612	March 18, 2007
[PA-DSS] 11.1 The payment application must not interfere with use of a two-factor authentication mec [PA-DSS] 11. Facilitate secure remote access to pa	0	11304	March 18, 2007
[PA-DSS] 11.2 If the payment application may be accessed remotely, remote access to the payment appl [PA-DSS] 11. Facilitate secure remote access to pa	0	3836	March 18, 2007
[PA-DSS] 5.3.4 Back-out or product de-installation procedures [PA-DSS] 5. Develop secure payment applications	0	1489	March 18, 2007
[PA-DSS] 14.1.1 Addresses all requirements in this document wherever the PA-DSS Implementation Guide [PA-DSS] 14. Maintain instructional documentation	0	2254	March 18, 2007
[PA-DSS] 14.1.2 Includes a review at least annually and updates to keep the documentation current wi [PA-DSS] 14. Maintain instructional documentation	0	1858	March 18, 2007
[PA-DSS] 11.3 If vendors, resellers/integrators, or customers can access customer's payment applicat [PA-DSS] 11. Facilitate secure remote access to pa	0	2436	March 18, 2007
[PA-DSS] 10.1 If payment application updates are delivered via remote access into customers' systems [PA-DSS] 10. Facilitate secure remote software upd	0	11148	March 18, 2007
[PA-DSS] 6.2 For payment applications using wireless technology, payment application must facilitate [PA-DSS] 6. Protect wireless transmissions	0	2450	March 18, 2007
[PA-DSS] 6.1 For payment applications using wireless technology, the wireless technology must be imp [PA-DSS] 6. Protect wireless transmissions	0	9648	March 18, 2007
[PA-DSS] 8.1 The payment application must be able to be implemented into a secure network environmen [PA-DSS] 8. Facilitate secure network implementati	0	10176	March 18, 2007
[PA-DSS] 5.3.3 Testing of operational functionality [PA-DSS] 5. Develop secure payment applications	0	1335	March 18, 2007