5.4 The payment application must not use or require use of unnecessary and insecure services and protocols (e.g., NetBIOS, file-sharing, Telnet, unencrypted FTP, etc.).PCI Data Security Standard Requirement 2.2.2
Testing Procedures:
5.4 Examine system services, daemons, and protocols enabled or required by the payment application. Verify that unnecessary and insecure services or protocols are not enabled by default or required by the payment application (for example, FTP is not enabled, or is encrypted via SSH or other technology).