PCI Requirement 3.5.4 – Store Cryptographic Keys in the Fewest Possible Locations
by Randy Bartels / July 28th, 2017
PCI Requirement 3.5.4 states, “Store cryptographic keys in the fewest possible locations.” Reducing the amount of locations where cryptographic keys are stored helps your…
PCI Requirement 3.5.3 – Store Secret & Private Keys Used to Encrypt/Decrypt Cardholder Data
by Randy Bartels / July 28th, 2017
PCI Requirement 3.5.3 requires organizations to, “Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the following forms…
PCI Requirement 3.5.2 – Restrict Access to Cryptographic Keys
by Randy Bartels / July 28th, 2017
PCI Requirement 3.5.2 states, “Restrict access to cryptographic keys to the fewest number of custodians necessary.” There should be very few employees who have…
PCI Requirement 3.5.1 – Maintain a Documented Description of the Cryptographic Architecture
by Randy Bartels / July 28th, 2017
PCI Requirement 3.5.1 is an additional requirement that only applies to service providers. It requires that your organization, “Maintain a documented description of the…
PCI Requirement 3.5 – Protect Keys Used to Store Cardholder Data
by Randy Bartels / July 28th, 2017
If your organization is using encryption to render cardholder data unreadable, you must have a key management program in place. PCI Requirement 3.5 requires…