Question

In: Operations Management

  1. To perform a PCI DSS compliance audit, what elements must be in your audit checklist that pertain to the System/Application Domain?

  2. As per the SAQ-D and Attestation of Compliance, what are the four major elements a merchant must achieve as part of PCI DSS compliance?

  3. Which requirements in PCI DSS SAQ-D apply to vulnerability assessment and vulnerability management for production credit card transaction-processing servers?

Solutions

Expert Solution

To perform a PCI DSS compliance audit, what elements must be in your audit checklist that pertain to the System/Application Domain?

Making sure HTTPS is used in transactions.

Using encryption in data or information transfers from one system to another.

Documents should be set to either Low, Medium or High when assessing risk.

As per the SAQ-D and Attestation of Compliance, what are the four major elements a merchant must achieve as part of PCI DSS compliance?

1. Complete the Self-Assessment Questionnaire (SAQ D) according to the instructions in the Self-Assessment Questionnaire Instructions and Guidelines.

2. Complete a passing vulnerability scan with a PCI SSC Approved Scanning Vendor (ASV) and obtain evidence of a passing scan from the ASV.

3. Complete the Attestation of Compliance in its entirety.

4. Submit the SAQ, evidence of a passing scan, and the Attestation of Compliance, along with any other requested documentation, to your acquirer or to the payment brand or other requester.

Which requirements in PCI DSS SAQ-D apply to vulnerability assessment and vulnerability management for production credit card transaction-processing servers?

Requirement 5: Use and regularly update anti-virus software or programs.

Requirement 6: Develop and maintain secure systems and applications.
