Archives

PCI Requirement 3.7 – Security Policies & Operational Procedures

by Randy Bartels / July 28th, 2017

PCI Requirement 3 states, “Protect stored cardholder data.” We’ve discussed encryption, truncation, masking, and hashing – all methods that can be used to protect…

PCI Requirement 3.6.8 – Key-Custodian Responsibilities

by Randy Bartels / July 28th, 2017

Someone in your organization needs to be responsible for managing the encryption of your environment and accept the importance of this role. This is…

PCI Requirement 3.6.7 – Prevention of Unauthorized Substitution of Cryptographic Keys

by Randy Bartels / July 28th, 2017

Your organization must have the appropriate controls in place to prevent unauthorized key substitution. PCI Requirement 3.6.7 requires, “Prevention of unauthorized substitution of cryptographic…

PCI Requirement 3.6.6 – Using Split Knowledge & Dual Control

by Randy Bartels / July 28th, 2017

PCI Requirement 3.6.6 is one requirement that both assessors and clients struggle to understand. PCI Requirement 3.6.6 states, “If manual clear-text cryptographic key-management operations…

PCI Requirement 3.6.5 – Replacing Weakened Keys

by Randy Bartels / July 28th, 2017

PCI Requirement 3.6.5 requires, “Retirement or replacement (for example, archiving, destruction, and/or revocation) of keys as deemed necessary when the integrity of the key…

Search Results for:

PCI Requirement 3.7 – Security Policies & Operational Procedures

PCI Requirement 3.6.8 – Key-Custodian Responsibilities

PCI Requirement 3.6.7 – Prevention of Unauthorized Substitution of Cryptographic Keys

PCI Requirement 3.6.6 – Using Split Knowledge & Dual Control

PCI Requirement 3.6.5 – Replacing Weakened Keys

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.