PCIP Questions and Answers Rated A+
PCI DSS Requirement 1 ✔✔Install and maintain a firewall configuration to protect cardholder
data
PCI DSS Requirement 2 ✔✔Do not use vendor supplied defaults for system passwords and other
security parameters
PCI DSS Requirement 3 ✔✔Protect stored cardholder data by enacting a formal data retention
policy and implement secure deletion methods
PCI DSS Requirement 4 ✔✔Protected Cardholder Data during transmission over the internet,
wireless networks or other open access networks or systems (GSM, GPRS, etc.)
PCI DSS Requirement 5 ✔✔Use and regularly update anti-virus software or programs
PCI DSS Requirement 6 ✔✔Develop and maintain secure systems and applications
PCI DSS Requirement 7 ✔✔Restrict access to cardholder data by business need to know
,PCI DSS Requirement 8 ✔✔Assign a unique ID to each person with computer access
PCI DSS Requirement 9 ✔✔Restrict physical access to cardholder data
PCI DSS Requirement 10 ✔✔Track and monitor all access to network resources and cardholder
data
PCI DSS Requirement 11 ✔✔Regularly test secuirty systems and processes with wireless scans,
vulnerability scnas, log audits, ASV (Approved Scanning Vendor)
PCI DSS Requirement 12 ✔✔Maintain a policy that addresses information security for all
personnel
ASV (Approved Scanning Vendor) ✔✔Company approved by the PCI SSC to conduct external
vulnerability scanning services.
PCI Data Security Standards (PCI DSS) ✔✔Covers the security of the environments that store,
process or transmit account data.
,Environments receive account data from payment applications and other sources (e.g. acquirers)
PCI Payment Application Data Security Standards
(PCI PA-DSS) ✔✔Covers secure payment applications to support PCI DSS compliance.
Applies to Third Party payment applications if the application performs authorization and/or
settlement (POS, shopping carts, etc.)
Ensures a payment application can function in a PCI DSS compliant manner
PA-DSS applications are in scope for PCI DSS
Payment application receives account data from PIN Entry Devices (PED) or other devices and
begins payment transaction
PCI PIN Transaction Security (PCI PTS) ✔✔Covers device tamper detection, cryptographic
processes and other mechanisms to protect the Personal Identification Number (PIN).
Encrypted PIN is passed to payment application or hardware terminal.
, PCI-PTS - PIN Security ✔✔Covers secure management, processing and transmission of personal
identification number data during online and offline payment card transaction processing
PCI-PTS - HSM (Hardware Security Module or Host Security Module) ✔✔A physically and
logically protected hardware device that provides a secure set of cryptographic services, used for
cryptographic key-management functions and/or the decryption of account data. Not required by
DSS, but may help with the management of keys.
PCI Point to Point Encryption (PCI P2PE) ✔✔Covers encryption, decryption and key
management within secure cryptographic devices (SCD). Not a requirement but may result in
reduction of scope.
Secure Cryptographic Device (SCD) ✔✔A set of hardware, software and firmware that
implements cryptographic processes (including cryptographic algorithms and key generation)
and is contained within a defined cryptographic boundary. Examples of secure cryptographic
devices include host/hardware security modules (HSMs) and point-of-interaction devices (POIs)
that have been validated to PCI PTS.
POI - Point of Interaction ✔✔The initial point where data is read from a card. An electronic
transaction-acceptance product, a POI consists of hardware and software and is hosted in
PCI DSS Requirement 1 ✔✔Install and maintain a firewall configuration to protect cardholder
data
PCI DSS Requirement 2 ✔✔Do not use vendor supplied defaults for system passwords and other
security parameters
PCI DSS Requirement 3 ✔✔Protect stored cardholder data by enacting a formal data retention
policy and implement secure deletion methods
PCI DSS Requirement 4 ✔✔Protected Cardholder Data during transmission over the internet,
wireless networks or other open access networks or systems (GSM, GPRS, etc.)
PCI DSS Requirement 5 ✔✔Use and regularly update anti-virus software or programs
PCI DSS Requirement 6 ✔✔Develop and maintain secure systems and applications
PCI DSS Requirement 7 ✔✔Restrict access to cardholder data by business need to know
,PCI DSS Requirement 8 ✔✔Assign a unique ID to each person with computer access
PCI DSS Requirement 9 ✔✔Restrict physical access to cardholder data
PCI DSS Requirement 10 ✔✔Track and monitor all access to network resources and cardholder
data
PCI DSS Requirement 11 ✔✔Regularly test secuirty systems and processes with wireless scans,
vulnerability scnas, log audits, ASV (Approved Scanning Vendor)
PCI DSS Requirement 12 ✔✔Maintain a policy that addresses information security for all
personnel
ASV (Approved Scanning Vendor) ✔✔Company approved by the PCI SSC to conduct external
vulnerability scanning services.
PCI Data Security Standards (PCI DSS) ✔✔Covers the security of the environments that store,
process or transmit account data.
,Environments receive account data from payment applications and other sources (e.g. acquirers)
PCI Payment Application Data Security Standards
(PCI PA-DSS) ✔✔Covers secure payment applications to support PCI DSS compliance.
Applies to Third Party payment applications if the application performs authorization and/or
settlement (POS, shopping carts, etc.)
Ensures a payment application can function in a PCI DSS compliant manner
PA-DSS applications are in scope for PCI DSS
Payment application receives account data from PIN Entry Devices (PED) or other devices and
begins payment transaction
PCI PIN Transaction Security (PCI PTS) ✔✔Covers device tamper detection, cryptographic
processes and other mechanisms to protect the Personal Identification Number (PIN).
Encrypted PIN is passed to payment application or hardware terminal.
, PCI-PTS - PIN Security ✔✔Covers secure management, processing and transmission of personal
identification number data during online and offline payment card transaction processing
PCI-PTS - HSM (Hardware Security Module or Host Security Module) ✔✔A physically and
logically protected hardware device that provides a secure set of cryptographic services, used for
cryptographic key-management functions and/or the decryption of account data. Not required by
DSS, but may help with the management of keys.
PCI Point to Point Encryption (PCI P2PE) ✔✔Covers encryption, decryption and key
management within secure cryptographic devices (SCD). Not a requirement but may result in
reduction of scope.
Secure Cryptographic Device (SCD) ✔✔A set of hardware, software and firmware that
implements cryptographic processes (including cryptographic algorithms and key generation)
and is contained within a defined cryptographic boundary. Examples of secure cryptographic
devices include host/hardware security modules (HSMs) and point-of-interaction devices (POIs)
that have been validated to PCI PTS.
POI - Point of Interaction ✔✔The initial point where data is read from a card. An electronic
transaction-acceptance product, a POI consists of hardware and software and is hosted in
