[READ-ONLY] Archives [RETIRED] PA-DSS v.1.x Questions and Answers

[PA-DSS] 1. Do not retain full magnetic stripe, c Do not retain full magnetic stripe, card validation code or value (CAV2, CID, CVC2, CVV2), or PIN block data [PA-DSS] 2. Protect stored cardholder data Protect stored cardholder data [PA-DSS] 4. Log payment application activity Log payment application activity [PA-DSS] 7. Test payment applications to address v [PA-DSS] 9. Cardholder data must never be stored o Cardholder data must never be stored on a server connected to the Internet [PA-DSS] 13. Encrypt all non-console administrativ [PA-DSS] 11. Facilitate secure remote access to pa [PA-DSS] 14. Maintain instructional documentation Maintain instructional documentation and training programs for customers, resellers, and integrators. [PA-DSS] 8. Facilitate secure network implementati [PA-DSS] 10. Facilitate secure remote software upd [PA-DSS] 12. Encrypt sensitive traffic over public [PA-DSS] 5. Develop secure payment applications Develop secure payment applications [PA-DSS] 6. Protect wireless transmissions Protect wireless transmissions [PA-DSS] 3. Provide secure authentication features Provide secure authentication features

Topic	Replies	Views	Activity
About the [RETIRED] PA-DSS v.1.x Questions and Answers category [RETIRED] PA-DSS v.1.x Questions and Answers	0	90	January 23, 2023
[PA-DSS] 2.4 If disk encryption is used (rather than file- or column-level database encryption), log [PA-DSS] 2. Protect stored cardholder data	1	6932	November 11, 2013
[PA-DSS] 12.1 If the payment application sends, or facilitates sending, cardholder data over public [PA-DSS] 12. Encrypt sensitive traffic over public	1	13557	June 7, 2011
[PA-DSS] 3.3 Encrypt payment application passwords during transmission and storage, using strong cry [PA-DSS] 3. Provide secure authentication features	1	10552	August 30, 2010
[PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users) [PA-DSS] 5. Develop secure payment applications	1	2979	June 30, 2010
[PA-DSS] 2.5 Payment application must protect encryption keys used for encryption of cardholder dat [PA-DSS] 2. Protect stored cardholder data	8	7633	May 24, 2010
[PA-DSS] 14.2.1 Update the training materials on an annual basis and whenever new payment applicatio [PA-DSS] 14. Maintain instructional documentation	1	10085	February 2, 2010
[PA-DSS] 13.1 Instruct customers to encrypt all non-console administrative access using technologies [PA-DSS] 13. Encrypt all non-console administrativ	0	10280	March 18, 2007
[PA-DSS] 5.3.2 Management sign-off by appropriate parties [PA-DSS] 5. Develop secure payment applications	0	1379	March 18, 2007
[PA-DSS] 6.2 For payment applications using wireless technology, payment application must facilitate [PA-DSS] 6. Protect wireless transmissions	0	2477	March 18, 2007
[PA-DSS] 11.1 The payment application must not interfere with use of a two-factor authentication mec [PA-DSS] 11. Facilitate secure remote access to pa	0	11336	March 18, 2007
[PA-DSS] 8.1 The payment application must be able to be implemented into a secure network environmen [PA-DSS] 8. Facilitate secure network implementati	0	10203	March 18, 2007
[PA-DSS] 14.2 Develop and implement training and communication programs to ensure payment applicatio [PA-DSS] 14. Maintain instructional documentation	0	2283	March 18, 2007
[PA-DSS] 14.1.2 Includes a review at least annually and updates to keep the documentation current wi [PA-DSS] 14. Maintain instructional documentation	0	1898	March 18, 2007
[PA-DSS] 5.2.7 Broken authentication and session management (properly authenticate users and protect [PA-DSS] 5. Develop secure payment applications	0	2990	March 18, 2007
[PA-DSS] 9.1 The payment application must be developed such that the database server and web server [PA-DSS] 9. Cardholder data must never be stored o	0	10320	March 18, 2007
[PA-DSS] 5.3.3 Testing of operational functionality [PA-DSS] 5. Develop secure payment applications	0	1360	March 18, 2007
[PA-DSS] 11.3 If vendors, resellers/integrators, or customers can access customer's payment applicat [PA-DSS] 11. Facilitate secure remote access to pa	0	2483	March 18, 2007
[PA-DSS] 5.3 Software vendor must follow change control procedures for all product software configur [PA-DSS] 5. Develop secure payment applications	0	1529	March 18, 2007
[PA-DSS] 14.1 Develop, maintain, and disseminate a PA-DSS Implementation Guide(s) for customers, res [PA-DSS] 14. Maintain instructional documentation	0	3124	March 18, 2007
[PA-DSS] 12.2 The payment application must never send unencrypted PANs by end-user messaging technol [PA-DSS] 12. Encrypt sensitive traffic over public	0	3884	March 18, 2007
[PA-DSS] 5.2.10 Failure to restrict URL access (consistently enforce access control in presentation [PA-DSS] 5. Develop secure payment applications	0	1587	March 18, 2007
[PA-DSS] 5.3.1 Documentation of impact [PA-DSS] 5. Develop secure payment applications	0	1694	March 18, 2007
[PA-DSS] 10.1 If payment application updates are delivered via remote access into customers' systems [PA-DSS] 10. Facilitate secure remote software upd	0	11171	March 18, 2007
[PA-DSS] 5.4 The payment application must not use or require use of unnecessary and insecure servic [PA-DSS] 5. Develop secure payment applications	0	1784	March 18, 2007
[PA-DSS] 5.3.4 Back-out or product de-installation procedures [PA-DSS] 5. Develop secure payment applications	0	1508	March 18, 2007
[PA-DSS] 11.2 If the payment application may be accessed remotely, remote access to the payment appl [PA-DSS] 11. Facilitate secure remote access to pa	0	3859	March 18, 2007
[PA-DSS] 5.2.9 Insecure communications (properly encrypt all authenticated and sensitive communicat [PA-DSS] 5. Develop secure payment applications	0	1592	March 18, 2007
[PA-DSS] 7.1 Software vendors must establish a process to identify newly discovered security vulnera [PA-DSS] 7. Test payment applications to address v	0	10636	March 18, 2007
[PA-DSS] 14.1.1 Addresses all requirements in this document wherever the PA-DSS Implementation Guide [PA-DSS] 14. Maintain instructional documentation	0	2301	March 18, 2007