|
About the Protect Stored Cardholder Data category
|
|
0
|
7
|
February 9, 2023
|
|
4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks, including the following:
|
|
0
|
19
|
February 9, 2023
|
|
4.3 Ensure that security policies and operational procedures for encrypting transmissions of cardholder data are documented, in use, and known to all affected parties
|
|
0
|
6
|
February 9, 2023
|
|
4.2 Never send unprotected PANs by end- user messaging technologies (for example, e- mail, instant messaging, SMS, chat, etc.)
|
|
0
|
5
|
February 9, 2023
|
|
4.1.1 Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment, use industry best practices to implement strong encryption for authentication and transmission
|
|
0
|
5
|
February 9, 2023
|
|
Requirement 4: Encrypt transmission of cardholder data across open, public networks
|
|
0
|
5
|
February 9, 2023
|
|
3.7 Ensure that security policies and operational procedures for protecting stored cardholder data are documented, in use, and known to all affected parties
|
|
0
|
29
|
February 9, 2023
|
|
3.6.8 Requirement for cryptographic key custodians to formally acknowledge that they understand and accept their key- custodian responsibilities
|
|
0
|
6
|
February 9, 2023
|
|
3.6.7 Prevention of unauthorized substitution of cryptographic keys
|
|
0
|
6
|
February 9, 2023
|
|
3.6.6 If manual clear-text cryptographic key-management operations are used, these operations must be managed using split knowledge and dual control
|
|
0
|
10
|
February 9, 2023
|
|
3.6.5 Retirement or replacement (for example, archiving, destruction, and/or revocation) of keys as deemed necessary when the integrity of the key has been weakened
|
|
0
|
9
|
February 9, 2023
|
|
3.6.4 Cryptographic key changes for keys that have reached the end of their cryptoperiod
|
|
0
|
10
|
February 9, 2023
|
|
3.6.3 Secure cryptographic key storage
|
|
0
|
6
|
February 9, 2023
|
|
3.6.2 Secure cryptographic key distribution
|
|
0
|
7
|
February 9, 2023
|
|
3.6.1 Generation of strong cryptographic keys
|
|
0
|
6
|
February 9, 2023
|
|
3.6 Fully document and implement all key- management processes and procedures for cryptographic keys used for encryption of cardholder data, including the following:
|
|
0
|
8
|
February 9, 2023
|
|
3.5.4 Store cryptographic keys in the fewest possible locations
|
|
0
|
6
|
February 9, 2023
|
|
3.5.3 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the following forms at all times:
|
|
0
|
5
|
February 9, 2023
|
|
3.5.2 Restrict access to cryptographic keys to the fewest number of custodians necessary
|
|
0
|
6
|
February 9, 2023
|
|
3.5.1 Additional requirement for service providers only: Maintain a documented description of the cryptographic architecture that includes:
|
|
0
|
12
|
February 9, 2023
|
|
3.5 Document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse:
|
|
0
|
7
|
February 9, 2023
|
|
3.4.1 If disk encryption is used (rather than file- or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms
|
|
0
|
8
|
February 9, 2023
|
|
3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches:
|
|
0
|
8
|
February 9, 2023
|
|
3.3 Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed), such that only personnel with a legitimate business need can see more than the first six/last four digits of the PAN
|
|
0
|
9
|
February 9, 2023
|
|
3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block after authorization
|
|
0
|
6
|
February 9, 2023
|
|
3.2.2 Do not store the card verification code or value (three-digit or four-digit number printed on the front or back of a payment card used to verify card-not- present transactions) after authorization
|
|
0
|
6
|
February 9, 2023
|
|
3.2.1 Do not store the full contents of any track (from the magnetic stripe located on the back of a card, equivalent data contained on a chip, or elsewhere) after authorization
|
|
0
|
8
|
February 9, 2023
|
|
3.2 Do not store sensitive authentication data after authorization (even if encrypted). If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process
|
|
0
|
12
|
February 9, 2023
|
|
3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies, procedures and processes that include at least the following for all cardholder data (CHD) storage:
|
|
0
|
6
|
February 9, 2023
|
|
Requirement 3: Protect stored cardholder data
|
|
0
|
7
|
February 9, 2023
|