Payment Card Industry (PCI)
Data Security Standard
Self-Assessment Questionnaire D
and Attestation of Compliance for Merchants
All other SAQ-Eligible Merchants
Version 3.0
February 2014
PCI DSS SAQ D for Merchants, v3.0 February 2014
© 2006-2014 PCI Security Standards Council, LLC. All Rights Reserved.

Document Changes

Date | Version | Description
October 2008 | 1.2 | To align content with new PCI DSS v1.2 and to implement minor changes noted since original v1.1.
October 2010 | 2.0 | To align content with new PCI DSS v2.0 requirements and testing procedures.
February 2014 | 3.0 | To align content with PCI DSS v3.0 requirements and testing procedures and incorporate additional response options.

Table of Contents
Document Changes
Before You Begin
    PCI DSS Self-Assessment Completion Steps
    Understanding the Self-Assessment Questionnaire
    Expected Testing
    Completing the Self-Assessment Questionnaire
    Guidance for Non-Applicability of Certain, Specific Requirements
    Understanding the difference between Not Applicable and Not Tested
    Legal Exception
Section 1: Assessment Information
Section 2: Self-Assessment Questionnaire D for Merchants
    Build and Maintain a Secure Network and Systems
        Requirement 1: Install and maintain a firewall configuration to protect data
        Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
    Protect Cardholder Data
        Requirement 3: Protect stored cardholder data
        Requirement 4: Encrypt transmission of cardholder data across open, public networks
    Maintain a Vulnerability Management Program
        Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
        Requirement 6: Develop and maintain secure systems and applications
    Implement Strong Access Control Measures
        Requirement 7: Restrict access to cardholder data by business need to know
        Requirement 8: Identify and authenticate access to system components
        Requirement 9: Restrict physical access to cardholder data
    Regularly Monitor and Test Networks
        Requirement 10: Track and monitor all access to network resources and cardholder data
        Requirement 11: Regularly test security systems and processes
    Maintain an Information Security Policy
        Requirement 12: Maintain a policy that addresses information security for all personnel
Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers
Appendix B: Compensating Controls Worksheet
Appendix C: Explanation of Non-Applicability
Appendix D: Explanation of Requirements Not Tested
Section 3: Validation and Attestation Details

Before You Begin

SAQ D for Merchants applies to SAQ-eligible merchants not meeting the criteria for any other SAQ type.

Examples of merchant environments that would use SAQ D may include but are not limited to:
• E-commerce merchants who accept cardholder data on their website.
• Merchants with electronic storage of cardholder data another SAQ type
• Merchants with environments that might meet the criteria of another SAQ type, but that have additional PCI DSS requirements applicable to their environment

While many organizations completing SAQ D will need to validate compliance with every PCI DSS requirement, some organizations with very specific business models may find that some requirements do not apply. See the guidance below for information about the exclusion of certain, specific requirements.