Date: Aug 9, 2022, 5:59:06 AM
Date: Aug 9, 2022, 6:02:30 AM
Editor: JeremyDannenmuller
Editor: Cedric
Name: PCI DSS 4.0
Name: PCI DSS 4.0
Description: PCI DSS 4.0
Description: PCI DSS 4.0
| t | 1 | { | t | 1 | { |
| 2 | "authors": [ | 2 | "authors": [ | ||
| 3 | "Jeremy Dannenmuller" | 3 | "Jeremy Dannenmuller" | ||
| 4 | ], | 4 | ], | ||
| 5 | "label": "PCI DSS 4.0", | 5 | "label": "PCI DSS 4.0", | ||
| 6 | "language": "EN", | 6 | "language": "EN", | ||
| 7 | "refs": "https://listings.pcisecuritystandards.org/documents/PCI-DSS-v4_0.pdf", | 7 | "refs": "https://listings.pcisecuritystandards.org/documents/PCI-DSS-v4_0.pdf", | ||
| 8 | "uuid": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 8 | "uuid": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 9 | "values": [ | 9 | "values": [ | ||
| 10 | { | 10 | { | ||
| 11 | "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", | 11 | "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", | ||
| 12 | "code": "5.4", | 12 | "code": "5.4", | ||
| 13 | "label": "5.4 Anti-phishing mechanisms protect users against phishing attacks.", | 13 | "label": "5.4 Anti-phishing mechanisms protect users against phishing attacks.", | ||
| 14 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 14 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 15 | "referential_label": "PCI DSS 4.0", | 15 | "referential_label": "PCI DSS 4.0", | ||
| 16 | "uuid": "\"033ed95f-0444-4200-a229-d36ba8d320ac\"" | 16 | "uuid": "\"033ed95f-0444-4200-a229-d36ba8d320ac\"" | ||
| 17 | }, | 17 | }, | ||
| 18 | { | 18 | { | ||
| 19 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | 19 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | ||
| 20 | "code": "11.1", | 20 | "code": "11.1", | ||
| 21 | "label": "11.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood.", | 21 | "label": "11.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood.", | ||
| 22 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 22 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 23 | "referential_label": "PCI DSS 4.0", | 23 | "referential_label": "PCI DSS 4.0", | ||
| 24 | "uuid": "042cc126-c21a-42c2-a003-fe0184ddbfec" | 24 | "uuid": "042cc126-c21a-42c2-a003-fe0184ddbfec" | ||
| 25 | }, | 25 | }, | ||
| 26 | { | 26 | { | ||
| 27 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | 27 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | ||
| 28 | "code": "6.4", | 28 | "code": "6.4", | ||
| 29 | "label": "6.4 Public-facing web applications are protected against attacks.", | 29 | "label": "6.4 Public-facing web applications are protected against attacks.", | ||
| 30 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 30 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 31 | "referential_label": "PCI DSS 4.0", | 31 | "referential_label": "PCI DSS 4.0", | ||
| 32 | "uuid": "046b9fca-955e-4d7f-bfca-ae6a0cf92f01" | 32 | "uuid": "046b9fca-955e-4d7f-bfca-ae6a0cf92f01" | ||
| 33 | }, | 33 | }, | ||
| 34 | { | 34 | { | ||
| 35 | "category": "Requirement 1: Install and maintain Network Security Controls", | 35 | "category": "Requirement 1: Install and maintain Network Security Controls", | ||
| 36 | "code": "1.1", | 36 | "code": "1.1", | ||
| 37 | "label": "1.1 Processes and mechanisms for installing and maintaining network security controls are defined and understood.", | 37 | "label": "1.1 Processes and mechanisms for installing and maintaining network security controls are defined and understood.", | ||
| 38 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 38 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 39 | "referential_label": "PCI DSS 4.0", | 39 | "referential_label": "PCI DSS 4.0", | ||
| 40 | "uuid": "09262d8f-9fa8-48bc-90a6-b5dd76f6f5a6" | 40 | "uuid": "09262d8f-9fa8-48bc-90a6-b5dd76f6f5a6" | ||
| 41 | }, | 41 | }, | ||
| 42 | { | 42 | { | ||
| 43 | "category": "Requirement 1: Install and maintain Network Security Controls", | 43 | "category": "Requirement 1: Install and maintain Network Security Controls", | ||
| 44 | "code": "1.3", | 44 | "code": "1.3", | ||
| 45 | "label": "1.3 Network access to and from the cardholder data environment is restricted.", | 45 | "label": "1.3 Network access to and from the cardholder data environment is restricted.", | ||
| 46 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 46 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 47 | "referential_label": "PCI DSS 4.0", | 47 | "referential_label": "PCI DSS 4.0", | ||
| 48 | "uuid": "0a26e736-1827-4572-9165-617b4d4a5edd" | 48 | "uuid": "0a26e736-1827-4572-9165-617b4d4a5edd" | ||
| 49 | }, | 49 | }, | ||
| 50 | { | 50 | { | ||
| 51 | "category": "Requirement 2: Apply Secure Configurations to All System Components.", | 51 | "category": "Requirement 2: Apply Secure Configurations to All System Components.", | ||
| 52 | "code": "2.2", | 52 | "code": "2.2", | ||
| 53 | "label": "2.2 System components are configured and managed securely.", | 53 | "label": "2.2 System components are configured and managed securely.", | ||
| 54 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 54 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 55 | "referential_label": "PCI DSS 4.0", | 55 | "referential_label": "PCI DSS 4.0", | ||
| 56 | "uuid": "109bd9fe-1bbd-45f0-91da-27758cfacb1f" | 56 | "uuid": "109bd9fe-1bbd-45f0-91da-27758cfacb1f" | ||
| 57 | }, | 57 | }, | ||
| 58 | { | 58 | { | ||
| 59 | "category": "A2 - Additional PCI DSS Requirements for Entities Using SSL/Early TLS for Card-Present POS POI Terminal Connections", | 59 | "category": "A2 - Additional PCI DSS Requirements for Entities Using SSL/Early TLS for Card-Present POS POI Terminal Connections", | ||
| 60 | "code": "A.2.1", | 60 | "code": "A.2.1", | ||
| 61 | "label": "A2.1 POI terminals using SSL and/or early TLS are confirmed as not susceptible to known SSL/TLS exploits.", | 61 | "label": "A2.1 POI terminals using SSL and/or early TLS are confirmed as not susceptible to known SSL/TLS exploits.", | ||
| 62 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 62 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 63 | "referential_label": "PCI DSS 4.0", | 63 | "referential_label": "PCI DSS 4.0", | ||
| 64 | "uuid": "11bd5603-6d95-45b2-b166-2977810e693b" | 64 | "uuid": "11bd5603-6d95-45b2-b166-2977810e693b" | ||
| 65 | }, | 65 | }, | ||
| 66 | { | 66 | { | ||
| 67 | "category": "Requirement 3: Protect Stored Account Data.", | 67 | "category": "Requirement 3: Protect Stored Account Data.", | ||
| 68 | "code": "3.2", | 68 | "code": "3.2", | ||
| 69 | "label": "3.2 Storage of account data is kept to a minimum.", | 69 | "label": "3.2 Storage of account data is kept to a minimum.", | ||
| 70 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 70 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 71 | "referential_label": "PCI DSS 4.0", | 71 | "referential_label": "PCI DSS 4.0", | ||
| 72 | "uuid": "13643f1d-5127-4338-8747-b9b1a5153553" | 72 | "uuid": "13643f1d-5127-4338-8747-b9b1a5153553" | ||
| 73 | }, | 73 | }, | ||
| 74 | { | 74 | { | ||
| 75 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | 75 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | ||
| 76 | "code": "10.2", | 76 | "code": "10.2", | ||
| 77 | "label": "10.2 Audit logs are implemented to support the detection of anomalies and suspicious activity. and the forensic analysis of events.", | 77 | "label": "10.2 Audit logs are implemented to support the detection of anomalies and suspicious activity. and the forensic analysis of events.", | ||
| 78 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 78 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 79 | "referential_label": "PCI DSS 4.0", | 79 | "referential_label": "PCI DSS 4.0", | ||
| 80 | "uuid": "1570bd71-c8bd-4839-a833-20a4d9c78c19" | 80 | "uuid": "1570bd71-c8bd-4839-a833-20a4d9c78c19" | ||
| 81 | }, | 81 | }, | ||
| 82 | { | 82 | { | ||
| 83 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | 83 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | ||
| 84 | "code": "6.2", | 84 | "code": "6.2", | ||
| 85 | "label": "6.2 Bespoke and custom software are developed securely.", | 85 | "label": "6.2 Bespoke and custom software are developed securely.", | ||
| 86 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 86 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 87 | "referential_label": "PCI DSS 4.0", | 87 | "referential_label": "PCI DSS 4.0", | ||
| 88 | "uuid": "166b54f6-039c-47ee-b53c-a4c441054ef3" | 88 | "uuid": "166b54f6-039c-47ee-b53c-a4c441054ef3" | ||
| 89 | }, | 89 | }, | ||
| 90 | { | 90 | { | ||
| 91 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | 91 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | ||
| 92 | "code": "11.2", | 92 | "code": "11.2", | ||
| 93 | "label": "11.2 Wireless access points are identified and monitored. and unauthorized wireless access points are addressed.", | 93 | "label": "11.2 Wireless access points are identified and monitored. and unauthorized wireless access points are addressed.", | ||
| 94 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 94 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 95 | "referential_label": "PCI DSS 4.0", | 95 | "referential_label": "PCI DSS 4.0", | ||
| 96 | "uuid": "198e86b1-88fd-4ca2-920b-abe3188d2161" | 96 | "uuid": "198e86b1-88fd-4ca2-920b-abe3188d2161" | ||
| 97 | }, | 97 | }, | ||
| 98 | { | 98 | { | ||
| 99 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | 99 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | ||
| 100 | "code": "9.2", | 100 | "code": "9.2", | ||
| 101 | "label": "9.2 Physical access controls manage entry into facilities and systems containing cardholder data.", | 101 | "label": "9.2 Physical access controls manage entry into facilities and systems containing cardholder data.", | ||
| 102 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 102 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 103 | "referential_label": "PCI DSS 4.0", | 103 | "referential_label": "PCI DSS 4.0", | ||
| 104 | "uuid": "29116643-2936-45ae-b095-c32472c5c5fc" | 104 | "uuid": "29116643-2936-45ae-b095-c32472c5c5fc" | ||
| 105 | }, | 105 | }, | ||
| 106 | { | 106 | { | ||
| 107 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | 107 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | ||
| 108 | "code": "10.1", | 108 | "code": "10.1", | ||
| 109 | "label": "10.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented.", | 109 | "label": "10.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented.", | ||
| 110 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 110 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 111 | "referential_label": "PCI DSS 4.0", | 111 | "referential_label": "PCI DSS 4.0", | ||
| 112 | "uuid": "291753d9-bdb7-4284-82cd-86639dd5051c" | 112 | "uuid": "291753d9-bdb7-4284-82cd-86639dd5051c" | ||
| 113 | }, | 113 | }, | ||
| 114 | { | 114 | { | ||
| 115 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | 115 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | ||
| 116 | "code": "8.4", | 116 | "code": "8.4", | ||
| 117 | "label": "8.4 Multi-factor authentication (MFA) is implemented to secure access into the CDE", | 117 | "label": "8.4 Multi-factor authentication (MFA) is implemented to secure access into the CDE", | ||
| 118 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 118 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 119 | "referential_label": "PCI DSS 4.0", | 119 | "referential_label": "PCI DSS 4.0", | ||
| 120 | "uuid": "2b3ceaf1-acd1-4a25-9920-9365a0edecc6" | 120 | "uuid": "2b3ceaf1-acd1-4a25-9920-9365a0edecc6" | ||
| 121 | }, | 121 | }, | ||
| 122 | { | 122 | { | ||
| 123 | "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", | 123 | "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", | ||
| 124 | "code": "5.2", | 124 | "code": "5.2", | ||
| 125 | "label": "5.2 Malicious software (malware) is prevented. or detected and addressed.", | 125 | "label": "5.2 Malicious software (malware) is prevented. or detected and addressed.", | ||
| 126 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 126 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 127 | "referential_label": "PCI DSS 4.0", | 127 | "referential_label": "PCI DSS 4.0", | ||
| 128 | "uuid": "367f079c-235c-415f-acfa-cfc8fcbf57e3" | 128 | "uuid": "367f079c-235c-415f-acfa-cfc8fcbf57e3" | ||
| 129 | }, | 129 | }, | ||
| 130 | { | 130 | { | ||
| 131 | "category": "Requirement 3: Protect Stored Account Data.", | 131 | "category": "Requirement 3: Protect Stored Account Data.", | ||
| 132 | "code": "3.6", | 132 | "code": "3.6", | ||
| 133 | "label": "3.6 Cryptographic keys used to protect stored account data are secured.", | 133 | "label": "3.6 Cryptographic keys used to protect stored account data are secured.", | ||
| 134 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 134 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 135 | "referential_label": "PCI DSS 4.0", | 135 | "referential_label": "PCI DSS 4.0", | ||
| 136 | "uuid": "36db6005-d2cc-4406-a441-71cf2918935a" | 136 | "uuid": "36db6005-d2cc-4406-a441-71cf2918935a" | ||
| 137 | }, | 137 | }, | ||
| 138 | { | 138 | { | ||
| 139 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 139 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 140 | "code": "12.7", | 140 | "code": "12.7", | ||
| 141 | "label": "12.7 Personnel are screened to reduce risks from insider threats.", | 141 | "label": "12.7 Personnel are screened to reduce risks from insider threats.", | ||
| 142 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 142 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 143 | "referential_label": "PCI DSS 4.0", | 143 | "referential_label": "PCI DSS 4.0", | ||
| 144 | "uuid": "37e791d6-5a76-4bf6-a8dc-ed2951acca43" | 144 | "uuid": "37e791d6-5a76-4bf6-a8dc-ed2951acca43" | ||
| 145 | }, | 145 | }, | ||
| 146 | { | 146 | { | ||
| 147 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 147 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 148 | "code": "12.5", | 148 | "code": "12.5", | ||
| 149 | "label": "12.5 PCI DSS scope is documented and validated.", | 149 | "label": "12.5 PCI DSS scope is documented and validated.", | ||
| 150 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 150 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 151 | "referential_label": "PCI DSS 4.0", | 151 | "referential_label": "PCI DSS 4.0", | ||
| 152 | "uuid": "382b37cb-0b20-4d93-8297-156cbb7a0257" | 152 | "uuid": "382b37cb-0b20-4d93-8297-156cbb7a0257" | ||
| 153 | }, | 153 | }, | ||
| 154 | { | 154 | { | ||
| 155 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | 155 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | ||
| 156 | "code": "9.4", | 156 | "code": "9.4", | ||
| 157 | "label": "9.4 Media with cardholder data is securely stored. accessed. distributed. and destroyed.", | 157 | "label": "9.4 Media with cardholder data is securely stored. accessed. distributed. and destroyed.", | ||
| 158 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 158 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 159 | "referential_label": "PCI DSS 4.0", | 159 | "referential_label": "PCI DSS 4.0", | ||
| 160 | "uuid": "3b9336b9-d7b6-4ea6-bcba-920f9a6ced43" | 160 | "uuid": "3b9336b9-d7b6-4ea6-bcba-920f9a6ced43" | ||
| 161 | }, | 161 | }, | ||
| 162 | { | 162 | { | ||
| 163 | "category": "Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open. Public Networks.", | 163 | "category": "Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open. Public Networks.", | ||
| 164 | "code": "4.2", | 164 | "code": "4.2", | ||
| 165 | "label": "4.2 PAN is protected with strong cryptography during transmission", | 165 | "label": "4.2 PAN is protected with strong cryptography during transmission", | ||
| 166 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 166 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 167 | "referential_label": "PCI DSS 4.0", | 167 | "referential_label": "PCI DSS 4.0", | ||
| 168 | "uuid": "3b988763-bff2-4cee-b1b2-5cea61e9dcf8" | 168 | "uuid": "3b988763-bff2-4cee-b1b2-5cea61e9dcf8" | ||
| 169 | }, | 169 | }, | ||
| 170 | { | 170 | { | ||
| 171 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | 171 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | ||
| 172 | "code": "11.5", | 172 | "code": "11.5", | ||
| 173 | "label": "11.5 Network intrusions and unexpected file changes are detected and responded to.", | 173 | "label": "11.5 Network intrusions and unexpected file changes are detected and responded to.", | ||
| 174 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 174 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 175 | "referential_label": "PCI DSS 4.0", | 175 | "referential_label": "PCI DSS 4.0", | ||
| 176 | "uuid": "3d7419df-8a0b-4ec0-902f-89f90e77bdc1" | 176 | "uuid": "3d7419df-8a0b-4ec0-902f-89f90e77bdc1" | ||
| 177 | }, | 177 | }, | ||
| 178 | { | 178 | { | ||
| 179 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | 179 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | ||
| 180 | "code": "6.5", | 180 | "code": "6.5", | ||
| 181 | "label": "6.5 Changes to all system components are managed securely.", | 181 | "label": "6.5 Changes to all system components are managed securely.", | ||
| 182 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 182 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 183 | "referential_label": "PCI DSS 4.0", | 183 | "referential_label": "PCI DSS 4.0", | ||
| 184 | "uuid": "435fad54-ccb7-4f4f-b8fe-5b75af1bf4ea" | 184 | "uuid": "435fad54-ccb7-4f4f-b8fe-5b75af1bf4ea" | ||
| 185 | }, | 185 | }, | ||
| 186 | { | 186 | { | ||
| 187 | "category": "A3 - Designated Entities Supplemental Validation (DESV)", | 187 | "category": "A3 - Designated Entities Supplemental Validation (DESV)", | ||
| 188 | "code": "A3.3", | 188 | "code": "A3.3", | ||
| 189 | "label": "A3.3 PCI DSS is incorporated into business-as-usual (BAU) activities.", | 189 | "label": "A3.3 PCI DSS is incorporated into business-as-usual (BAU) activities.", | ||
| 190 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 190 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 191 | "referential_label": "PCI DSS 4.0", | 191 | "referential_label": "PCI DSS 4.0", | ||
| 192 | "uuid": "438c70bf-7e0c-477d-97ae-31578185da58" | 192 | "uuid": "438c70bf-7e0c-477d-97ae-31578185da58" | ||
| 193 | }, | 193 | }, | ||
| 194 | { | 194 | { | ||
| 195 | "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.", | 195 | "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.", | ||
| 196 | "code": "7.1", | 196 | "code": "7.1", | ||
| 197 | "label": "7.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood.", | 197 | "label": "7.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood.", | ||
| 198 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 198 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 199 | "referential_label": "PCI DSS 4.0", | 199 | "referential_label": "PCI DSS 4.0", | ||
| 200 | "uuid": "43ec094e-fe4c-4355-b4f4-5e7281016cec" | 200 | "uuid": "43ec094e-fe4c-4355-b4f4-5e7281016cec" | ||
| 201 | }, | 201 | }, | ||
| 202 | { | 202 | { | ||
| 203 | "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", | 203 | "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", | ||
| 204 | "code": "5.1", | 204 | "code": "5.1", | ||
| 205 | "label": "5.1 Processes and mechanisms for protecting all systems and networks from malicious software are defined and understood.", | 205 | "label": "5.1 Processes and mechanisms for protecting all systems and networks from malicious software are defined and understood.", | ||
| 206 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 206 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 207 | "referential_label": "PCI DSS 4.0", | 207 | "referential_label": "PCI DSS 4.0", | ||
| 208 | "uuid": "471b054e-61a2-4a72-830b-13843ed09146" | 208 | "uuid": "471b054e-61a2-4a72-830b-13843ed09146" | ||
| 209 | }, | 209 | }, | ||
| 210 | { | 210 | { | ||
| 211 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 211 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 212 | "code": "12.1", | 212 | "code": "12.1", | ||
| 213 | "label": "12.1 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current.", | 213 | "label": "12.1 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current.", | ||
| 214 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 214 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 215 | "referential_label": "PCI DSS 4.0", | 215 | "referential_label": "PCI DSS 4.0", | ||
| 216 | "uuid": "478a985a-4bad-42a5-b34e-45d5db543d63" | 216 | "uuid": "478a985a-4bad-42a5-b34e-45d5db543d63" | ||
| 217 | }, | 217 | }, | ||
| 218 | { | 218 | { | ||
| 219 | "category": "A1 - Additional PCI DSS Requirements for Multi-Tenant Service Providerss", | 219 | "category": "A1 - Additional PCI DSS Requirements for Multi-Tenant Service Providerss", | ||
| 220 | "code": "A1.1", | 220 | "code": "A1.1", | ||
| 221 | "label": "A1.1 Multi-tenant service providers protect and separate all customer environments and data.", | 221 | "label": "A1.1 Multi-tenant service providers protect and separate all customer environments and data.", | ||
| 222 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 222 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 223 | "referential_label": "PCI DSS 4.0", | 223 | "referential_label": "PCI DSS 4.0", | ||
| 224 | "uuid": "49c69882-50a8-4bb7-b56a-e9471d7943d1" | 224 | "uuid": "49c69882-50a8-4bb7-b56a-e9471d7943d1" | ||
| 225 | }, | 225 | }, | ||
| 226 | { | 226 | { | ||
| 227 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | 227 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | ||
| 228 | "code": "8.1", | 228 | "code": "8.1", | ||
| 229 | "label": "8.1 Processes and mechanisms for identifying users and authenticating access to system components are defined and understood.", | 229 | "label": "8.1 Processes and mechanisms for identifying users and authenticating access to system components are defined and understood.", | ||
| 230 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 230 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 231 | "referential_label": "PCI DSS 4.0", | 231 | "referential_label": "PCI DSS 4.0", | ||
| 232 | "uuid": "4c8a94b0-1f2c-4a10-a279-6ee20397543e" | 232 | "uuid": "4c8a94b0-1f2c-4a10-a279-6ee20397543e" | ||
| 233 | }, | 233 | }, | ||
| 234 | { | 234 | { | ||
| 235 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | 235 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | ||
| 236 | "code": "10.4", | 236 | "code": "10.4", | ||
| 237 | "label": "10.4 Audit logs are reviewed to identify anomalies or suspicious activity.", | 237 | "label": "10.4 Audit logs are reviewed to identify anomalies or suspicious activity.", | ||
| 238 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 238 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 239 | "referential_label": "PCI DSS 4.0", | 239 | "referential_label": "PCI DSS 4.0", | ||
| 240 | "uuid": "536ee90b-6041-4e7f-b445-0fde74e24338" | 240 | "uuid": "536ee90b-6041-4e7f-b445-0fde74e24338" | ||
| 241 | }, | 241 | }, | ||
| 242 | { | 242 | { | ||
| 243 | "category": "A3 - Designated Entities Supplemental Validation (DESV)", | 243 | "category": "A3 - Designated Entities Supplemental Validation (DESV)", | ||
| 244 | "code": "A3.1", | 244 | "code": "A3.1", | ||
| 245 | "label": "A3.1 A PCI DSS compliance program is implemented.", | 245 | "label": "A3.1 A PCI DSS compliance program is implemented.", | ||
| 246 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 246 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 247 | "referential_label": "PCI DSS 4.0", | 247 | "referential_label": "PCI DSS 4.0", | ||
| 248 | "uuid": "5b43004f-9e3d-42f3-a321-f482d68ff54d" | 248 | "uuid": "5b43004f-9e3d-42f3-a321-f482d68ff54d" | ||
| 249 | }, | 249 | }, | ||
| 250 | { | 250 | { | ||
| 251 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 251 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 252 | "code": "12.9", | 252 | "code": "12.9", | ||
| 253 | "label": "12.9 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance.", | 253 | "label": "12.9 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance.", | ||
| 254 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 254 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 255 | "referential_label": "PCI DSS 4.0", | 255 | "referential_label": "PCI DSS 4.0", | ||
| 256 | "uuid": "5bf20465-8283-4b0f-82fa-ff2fa4f5b6e8" | 256 | "uuid": "5bf20465-8283-4b0f-82fa-ff2fa4f5b6e8" | ||
| 257 | }, | 257 | }, | ||
| 258 | { | 258 | { | ||
| 259 | "category": "Requirement 1: Install and maintain Network Security Controls", | 259 | "category": "Requirement 1: Install and maintain Network Security Controls", | ||
| 260 | "code": "1.4", | 260 | "code": "1.4", | ||
| 261 | "label": "1.4 Network connections between trusted and untrusted networks are controlled.", | 261 | "label": "1.4 Network connections between trusted and untrusted networks are controlled.", | ||
| 262 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 262 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 263 | "referential_label": "PCI DSS 4.0", | 263 | "referential_label": "PCI DSS 4.0", | ||
| 264 | "uuid": "5d8988d4-09b2-416d-b58a-970597fc4397" | 264 | "uuid": "5d8988d4-09b2-416d-b58a-970597fc4397" | ||
| 265 | }, | 265 | }, | ||
| 266 | { | 266 | { | ||
| 267 | "category": "Requirement 3: Protect Stored Account Data.", | 267 | "category": "Requirement 3: Protect Stored Account Data.", | ||
| 268 | "code": "3.1", | 268 | "code": "3.1", | ||
| 269 | "label": "3.1 Processes and mechanisms for protecting stored account data are defined and understood.", | 269 | "label": "3.1 Processes and mechanisms for protecting stored account data are defined and understood.", | ||
| 270 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 270 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 271 | "referential_label": "PCI DSS 4.0", | 271 | "referential_label": "PCI DSS 4.0", | ||
| 272 | "uuid": "6ad4ac2b-74e8-4ff2-9d39-f6becb2e124f" | 272 | "uuid": "6ad4ac2b-74e8-4ff2-9d39-f6becb2e124f" | ||
| 273 | }, | 273 | }, | ||
| 274 | { | 274 | { | ||
| 275 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | 275 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | ||
| 276 | "code": "10.6", | 276 | "code": "10.6", | ||
| 277 | "label": "10.6 Time-synchronization mechanisms support consistent time settings across all systems.", | 277 | "label": "10.6 Time-synchronization mechanisms support consistent time settings across all systems.", | ||
| 278 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 278 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 279 | "referential_label": "PCI DSS 4.0", | 279 | "referential_label": "PCI DSS 4.0", | ||
| 280 | "uuid": "6eca23a9-8def-4bd9-8ece-b0666a2f4368" | 280 | "uuid": "6eca23a9-8def-4bd9-8ece-b0666a2f4368" | ||
| 281 | }, | 281 | }, | ||
| 282 | { | 282 | { | ||
| 283 | "category": "Requirement 2: Apply Secure Configurations to All System Components.", | 283 | "category": "Requirement 2: Apply Secure Configurations to All System Components.", | ||
| 284 | "code": "2.1", | 284 | "code": "2.1", | ||
| 285 | "label": "2.1 Processes and mechanisms for applying secure configurations to all system components are defined and understood.", | 285 | "label": "2.1 Processes and mechanisms for applying secure configurations to all system components are defined and understood.", | ||
| 286 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 286 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 287 | "referential_label": "PCI DSS 4.0", | 287 | "referential_label": "PCI DSS 4.0", | ||
| 288 | "uuid": "6f8d5129-c4df-49d4-9728-05d78632814b" | 288 | "uuid": "6f8d5129-c4df-49d4-9728-05d78632814b" | ||
| 289 | }, | 289 | }, | ||
| 290 | { | 290 | { | ||
| 291 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 291 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 292 | "code": "12.6", | 292 | "code": "12.6", | ||
| 293 | "label": "12.6 Security awareness education is an ongoing activity.", | 293 | "label": "12.6 Security awareness education is an ongoing activity.", | ||
| 294 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 294 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 295 | "referential_label": "PCI DSS 4.0", | 295 | "referential_label": "PCI DSS 4.0", | ||
| 296 | "uuid": "71787501-c169-411d-9778-e2cfc5e5736b" | 296 | "uuid": "71787501-c169-411d-9778-e2cfc5e5736b" | ||
| 297 | }, | 297 | }, | ||
| 298 | { | 298 | { | ||
| 299 | "category": "Requirement 3: Protect Stored Account Data.", | 299 | "category": "Requirement 3: Protect Stored Account Data.", | ||
| 300 | "code": "3.7", | 300 | "code": "3.7", | ||
| 301 | "label": "3.7 Where cryptography is used to protect stored account data. key management processes and procedures covering all aspects of the key lifecycle are defined and implemented.", | 301 | "label": "3.7 Where cryptography is used to protect stored account data. key management processes and procedures covering all aspects of the key lifecycle are defined and implemented.", | ||
| 302 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 302 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 303 | "referential_label": "PCI DSS 4.0", | 303 | "referential_label": "PCI DSS 4.0", | ||
| 304 | "uuid": "842b0d6d-2577-4ab4-9b8f-c19679c8d473" | 304 | "uuid": "842b0d6d-2577-4ab4-9b8f-c19679c8d473" | ||
| 305 | }, | 305 | }, | ||
| 306 | { | 306 | { | ||
| 307 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | 307 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | ||
| 308 | "code": "10.7", | 308 | "code": "10.7", | ||
| 309 | "label": "10.7 Failures of critical security control systems are detected. reported. and responded to promptly.", | 309 | "label": "10.7 Failures of critical security control systems are detected. reported. and responded to promptly.", | ||
| 310 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 310 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 311 | "referential_label": "PCI DSS 4.0", | 311 | "referential_label": "PCI DSS 4.0", | ||
| 312 | "uuid": "8500ef96-773c-4616-b5c8-62145ef3def8" | 312 | "uuid": "8500ef96-773c-4616-b5c8-62145ef3def8" | ||
| 313 | }, | 313 | }, | ||
| 314 | { | 314 | { | ||
| 315 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 315 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 316 | "code": "12.3", | 316 | "code": "12.3", | ||
| 317 | "label": "12.3 Risks to the cardholder data environment are formally identified. evaluated. and managed.", | 317 | "label": "12.3 Risks to the cardholder data environment are formally identified. evaluated. and managed.", | ||
| 318 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 318 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 319 | "referential_label": "PCI DSS 4.0", | 319 | "referential_label": "PCI DSS 4.0", | ||
| 320 | "uuid": "8553ef88-3cf6-419d-951b-60d9f0bfa59e" | 320 | "uuid": "8553ef88-3cf6-419d-951b-60d9f0bfa59e" | ||
| 321 | }, | 321 | }, | ||
| 322 | { | 322 | { | ||
| 323 | "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.", | 323 | "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.", | ||
| 324 | "code": "7.2", | 324 | "code": "7.2", | ||
| 325 | "label": "7.2 Access to system components and data is appropriately defined and assigned.", | 325 | "label": "7.2 Access to system components and data is appropriately defined and assigned.", | ||
| 326 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 326 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 327 | "referential_label": "PCI DSS 4.0", | 327 | "referential_label": "PCI DSS 4.0", | ||
| 328 | "uuid": "898f18b0-f44b-4417-be6a-ce77e4291870" | 328 | "uuid": "898f18b0-f44b-4417-be6a-ce77e4291870" | ||
| 329 | }, | 329 | }, | ||
| 330 | { | 330 | { | ||
| 331 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | 331 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | ||
| 332 | "code": "9.1", | 332 | "code": "9.1", | ||
| 333 | "label": "9.1 Processes and mechanisms for restricting physical access to cardholder data are defined and understood.", | 333 | "label": "9.1 Processes and mechanisms for restricting physical access to cardholder data are defined and understood.", | ||
| 334 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 334 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 335 | "referential_label": "PCI DSS 4.0", | 335 | "referential_label": "PCI DSS 4.0", | ||
| 336 | "uuid": "8ecf814d-8ead-4774-aa4c-9a0f447de93e" | 336 | "uuid": "8ecf814d-8ead-4774-aa4c-9a0f447de93e" | ||
| 337 | }, | 337 | }, | ||
| 338 | { | 338 | { | ||
| 339 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | 339 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | ||
| 340 | "code": "10.5", | 340 | "code": "10.5", | ||
| 341 | "label": "10.5 Audit log history is retained and available for analysis.", | 341 | "label": "10.5 Audit log history is retained and available for analysis.", | ||
| 342 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 342 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 343 | "referential_label": "PCI DSS 4.0", | 343 | "referential_label": "PCI DSS 4.0", | ||
| 344 | "uuid": "91456cd4-47b4-49a8-9ac7-e10c94deb909" | 344 | "uuid": "91456cd4-47b4-49a8-9ac7-e10c94deb909" | ||
| 345 | }, | 345 | }, | ||
| 346 | { | 346 | { | ||
| 347 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | 347 | "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.", | ||
| 348 | "code": "10.3", | 348 | "code": "10.3", | ||
| 349 | "label": "10.3 Audit logs are protected from destruction and unauthorized modifications.", | 349 | "label": "10.3 Audit logs are protected from destruction and unauthorized modifications.", | ||
| 350 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 350 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 351 | "referential_label": "PCI DSS 4.0", | 351 | "referential_label": "PCI DSS 4.0", | ||
| 352 | "uuid": "9545f6f7-1959-4972-828e-c002fb7c5e3f" | 352 | "uuid": "9545f6f7-1959-4972-828e-c002fb7c5e3f" | ||
| 353 | }, | 353 | }, | ||
| 354 | { | 354 | { | ||
| 355 | "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.", | 355 | "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.", | ||
| 356 | "code": "7.3", | 356 | "code": "7.3", | ||
| 357 | "label": "7.3 Access to system components and data is managed via an access control system(s).", | 357 | "label": "7.3 Access to system components and data is managed via an access control system(s).", | ||
| 358 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 358 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 359 | "referential_label": "PCI DSS 4.0", | 359 | "referential_label": "PCI DSS 4.0", | ||
| 360 | "uuid": "9bd5a560-6770-4620-8a87-3df344593a05" | 360 | "uuid": "9bd5a560-6770-4620-8a87-3df344593a05" | ||
| 361 | }, | 361 | }, | ||
| 362 | { | 362 | { | ||
| 363 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | 363 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | ||
| 364 | "code": "11.6", | 364 | "code": "11.6", | ||
| 365 | "label": "11.6 Unauthorized changes on payment pages are detected and responded to.", | 365 | "label": "11.6 Unauthorized changes on payment pages are detected and responded to.", | ||
| 366 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 366 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 367 | "referential_label": "PCI DSS 4.0", | 367 | "referential_label": "PCI DSS 4.0", | ||
| 368 | "uuid": "9e9b1e73-bb3f-4dac-b85e-51b0a28a746a" | 368 | "uuid": "9e9b1e73-bb3f-4dac-b85e-51b0a28a746a" | ||
| 369 | }, | 369 | }, | ||
| 370 | { | 370 | { | ||
| 371 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | 371 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | ||
| 372 | "code": "8.6", | 372 | "code": "8.6", | ||
| 373 | "label": "8.6 Use of application and system accounts and associated authentication factors is strictly managed.", | 373 | "label": "8.6 Use of application and system accounts and associated authentication factors is strictly managed.", | ||
| 374 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 374 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 375 | "referential_label": "PCI DSS 4.0", | 375 | "referential_label": "PCI DSS 4.0", | ||
| 376 | "uuid": "9f0dec80-eec7-49a8-bbbd-9d1af3c3bd47" | 376 | "uuid": "9f0dec80-eec7-49a8-bbbd-9d1af3c3bd47" | ||
| 377 | }, | 377 | }, | ||
| 378 | { | 378 | { | ||
| 379 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | 379 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | ||
| 380 | "code": "8.2", | 380 | "code": "8.2", | ||
| 381 | "label": "8.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle.", | 381 | "label": "8.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle.", | ||
| 382 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 382 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 383 | "referential_label": "PCI DSS 4.0", | 383 | "referential_label": "PCI DSS 4.0", | ||
| 384 | "uuid": "a77319f3-1eec-4789-8756-b2df9270901b" | 384 | "uuid": "a77319f3-1eec-4789-8756-b2df9270901b" | ||
| 385 | }, | 385 | }, | ||
| 386 | { | 386 | { | ||
| 387 | "category": "Requirement 2: Apply Secure Configurations to All System Components.", | 387 | "category": "Requirement 2: Apply Secure Configurations to All System Components.", | ||
| 388 | "code": "2.3", | 388 | "code": "2.3", | ||
| 389 | "label": "2.3 Wireless environments are configured and managed securely.", | 389 | "label": "2.3 Wireless environments are configured and managed securely.", | ||
| 390 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 390 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 391 | "referential_label": "PCI DSS 4.0", | 391 | "referential_label": "PCI DSS 4.0", | ||
| 392 | "uuid": "aa8d0ac1-cb2a-4e0f-bcaa-d2763497f676" | 392 | "uuid": "aa8d0ac1-cb2a-4e0f-bcaa-d2763497f676" | ||
| 393 | }, | 393 | }, | ||
| 394 | { | 394 | { | ||
| 395 | "category": "Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open. Public Networks.", | 395 | "category": "Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open. Public Networks.", | ||
| 396 | "code": "4.1", | 396 | "code": "4.1", | ||
| 397 | "label": "4.1 Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open. public networks are defined and documented.", | 397 | "label": "4.1 Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open. public networks are defined and documented.", | ||
| 398 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 398 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 399 | "referential_label": "PCI DSS 4.0", | 399 | "referential_label": "PCI DSS 4.0", | ||
| 400 | "uuid": "af758496-f659-442b-be1a-cd11dbc05de8" | 400 | "uuid": "af758496-f659-442b-be1a-cd11dbc05de8" | ||
| 401 | }, | 401 | }, | ||
| 402 | { | 402 | { | ||
| 403 | "category": "Requirement 3: Protect Stored Account Data.", | 403 | "category": "Requirement 3: Protect Stored Account Data.", | ||
| 404 | "code": "3.4", | 404 | "code": "3.4", | ||
| 405 | "label": "3.4 Access to displays of full PAN and ability to copy cardholder data are restricted.", | 405 | "label": "3.4 Access to displays of full PAN and ability to copy cardholder data are restricted.", | ||
| 406 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 406 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 407 | "referential_label": "PCI DSS 4.0", | 407 | "referential_label": "PCI DSS 4.0", | ||
| 408 | "uuid": "b0a9f97c-0ecc-4ebf-865e-2a7efdb3b52b" | 408 | "uuid": "b0a9f97c-0ecc-4ebf-865e-2a7efdb3b52b" | ||
| 409 | }, | 409 | }, | ||
| 410 | { | 410 | { | ||
| 411 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | 411 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | ||
| 412 | "code": "11.3", | 412 | "code": "11.3", | ||
| 413 | "label": "11.3 External and internal vulnerabilities are regularly identified. prioritized. and addressed.", | 413 | "label": "11.3 External and internal vulnerabilities are regularly identified. prioritized. and addressed.", | ||
| 414 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 414 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 415 | "referential_label": "PCI DSS 4.0", | 415 | "referential_label": "PCI DSS 4.0", | ||
| 416 | "uuid": "b1d5619d-525a-4bc9-9919-4a16efb68f81" | 416 | "uuid": "b1d5619d-525a-4bc9-9919-4a16efb68f81" | ||
| 417 | }, | 417 | }, | ||
| 418 | { | 418 | { | ||
| 419 | "category": "Requirement 3: Protect Stored Account Data.", | 419 | "category": "Requirement 3: Protect Stored Account Data.", | ||
| 420 | "code": "3.3", | 420 | "code": "3.3", | ||
| 421 | "label": "3.3 Sensitive authentication data (SAD) is not stored after authorization.", | 421 | "label": "3.3 Sensitive authentication data (SAD) is not stored after authorization.", | ||
| 422 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 422 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 423 | "referential_label": "PCI DSS 4.0", | 423 | "referential_label": "PCI DSS 4.0", | ||
| 424 | "uuid": "b8b5e383-cb55-43fc-b3ea-9a89b4e0ab10" | 424 | "uuid": "b8b5e383-cb55-43fc-b3ea-9a89b4e0ab10" | ||
| 425 | }, | 425 | }, | ||
| 426 | { | 426 | { | ||
| 427 | "category": "A3 - Designated Entities Supplemental Validation (DESV)", | 427 | "category": "A3 - Designated Entities Supplemental Validation (DESV)", | ||
| 428 | "code": "A3.4", | 428 | "code": "A3.4", | ||
| 429 | "label": "A3.4 Logical access to the cardholder data environment is controlled and managed.", | 429 | "label": "A3.4 Logical access to the cardholder data environment is controlled and managed.", | ||
| 430 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 430 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 431 | "referential_label": "PCI DSS 4.0", | 431 | "referential_label": "PCI DSS 4.0", | ||
| 432 | "uuid": "be27bba6-21a1-416b-8258-cb9c232dc471" | 432 | "uuid": "be27bba6-21a1-416b-8258-cb9c232dc471" | ||
| 433 | }, | 433 | }, | ||
| 434 | { | 434 | { | ||
| 435 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | 435 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | ||
| 436 | "code": "8.3", | 436 | "code": "8.3", | ||
| 437 | "label": "8.3 Strong authentication for users and administrators is established and managed.", | 437 | "label": "8.3 Strong authentication for users and administrators is established and managed.", | ||
| 438 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 438 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 439 | "referential_label": "PCI DSS 4.0", | 439 | "referential_label": "PCI DSS 4.0", | ||
| 440 | "uuid": "be64acf7-9530-4008-84d0-3a47086c9c27" | 440 | "uuid": "be64acf7-9530-4008-84d0-3a47086c9c27" | ||
| 441 | }, | 441 | }, | ||
| 442 | { | 442 | { | ||
| 443 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 443 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 444 | "code": "12.10", | 444 | "code": "12.10", | ||
| 445 | "label": "12.10 Suspected and confirmed security incidents that could impact the CDE are responded to immediately.", | 445 | "label": "12.10 Suspected and confirmed security incidents that could impact the CDE are responded to immediately.", | ||
| 446 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 446 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 447 | "referential_label": "PCI DSS 4.0", | 447 | "referential_label": "PCI DSS 4.0", | ||
| 448 | "uuid": "be9c173b-84c8-4b07-a71c-be8b1a44da6d" | 448 | "uuid": "be9c173b-84c8-4b07-a71c-be8b1a44da6d" | ||
| 449 | }, | 449 | }, | ||
| 450 | { | 450 | { | ||
| 451 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 451 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 452 | "code": "12.8", | 452 | "code": "12.8", | ||
| 453 | "label": "12.8 Risk to information assets associated with third-party service provider (TPSP) relationships is managed.", | 453 | "label": "12.8 Risk to information assets associated with third-party service provider (TPSP) relationships is managed.", | ||
| 454 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 454 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 455 | "referential_label": "PCI DSS 4.0", | 455 | "referential_label": "PCI DSS 4.0", | ||
| 456 | "uuid": "be9d8fae-7af6-4555-812c-c587b43a8c2a" | 456 | "uuid": "be9d8fae-7af6-4555-812c-c587b43a8c2a" | ||
| 457 | }, | 457 | }, | ||
| 458 | { | 458 | { | ||
| 459 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | 459 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | ||
| 460 | "code": "6.1", | 460 | "code": "6.1", | ||
| 461 | "label": "6.1 Processes and mechanisms for developing and maintaining secure systems and software are defined and understood.", | 461 | "label": "6.1 Processes and mechanisms for developing and maintaining secure systems and software are defined and understood.", | ||
| 462 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 462 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 463 | "referential_label": "PCI DSS 4.0", | 463 | "referential_label": "PCI DSS 4.0", | ||
| 464 | "uuid": "c059d4de-2980-46c8-bb74-b68b9e1053e4" | 464 | "uuid": "c059d4de-2980-46c8-bb74-b68b9e1053e4" | ||
| 465 | }, | 465 | }, | ||
| 466 | { | 466 | { | ||
| 467 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 467 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 468 | "code": "12.4", | 468 | "code": "12.4", | ||
| 469 | "label": "12.4 PCI DSS compliance is managed.", | 469 | "label": "12.4 PCI DSS compliance is managed.", | ||
| 470 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 470 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 471 | "referential_label": "PCI DSS 4.0", | 471 | "referential_label": "PCI DSS 4.0", | ||
| 472 | "uuid": "ca690618-be96-4a4b-ae7e-b55ad2c50241" | 472 | "uuid": "ca690618-be96-4a4b-ae7e-b55ad2c50241" | ||
| 473 | }, | 473 | }, | ||
| 474 | { | 474 | { | ||
| 475 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | 475 | "category": "Requirement 8: Identify Users and Authenticate Access to System Components.", | ||
| 476 | "code": "8.5", | 476 | "code": "8.5", | ||
| 477 | "label": "8.5 Multi-factor authentication (MFA) systems are configured to prevent misuse.", | 477 | "label": "8.5 Multi-factor authentication (MFA) systems are configured to prevent misuse.", | ||
| 478 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 478 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 479 | "referential_label": "PCI DSS 4.0", | 479 | "referential_label": "PCI DSS 4.0", | ||
| 480 | "uuid": "ca745f8a-b78a-4031-b669-9f80f3aca137" | 480 | "uuid": "ca745f8a-b78a-4031-b669-9f80f3aca137" | ||
| 481 | }, | 481 | }, | ||
| 482 | { | 482 | { | ||
| 483 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | 483 | "category": "Requirement 11: Test Security of Systems and Networks Regularly.", | ||
| 484 | "code": "11.4", | 484 | "code": "11.4", | ||
| 485 | "label": "11.4 External and internal penetration testing is regularly performed. and exploitable vulnerabilities and security weaknesses are corrected.", | 485 | "label": "11.4 External and internal penetration testing is regularly performed. and exploitable vulnerabilities and security weaknesses are corrected.", | ||
| 486 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 486 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 487 | "referential_label": "PCI DSS 4.0", | 487 | "referential_label": "PCI DSS 4.0", | ||
| 488 | "uuid": "ce87911e-ef45-44ec-8584-b63dbb0d3b10" | 488 | "uuid": "ce87911e-ef45-44ec-8584-b63dbb0d3b10" | ||
| 489 | }, | 489 | }, | ||
| 490 | { | 490 | { | ||
| 491 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | 491 | "category": "Requirement 6: Develop and Maintain Secure Systems and Software.", | ||
| 492 | "code": "6.3", | 492 | "code": "6.3", | ||
| 493 | "label": "6.3 Security vulnerabilities are identified and addressed.", | 493 | "label": "6.3 Security vulnerabilities are identified and addressed.", | ||
| 494 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 494 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 495 | "referential_label": "PCI DSS 4.0", | 495 | "referential_label": "PCI DSS 4.0", | ||
| 496 | "uuid": "d33fbe7b-ca98-4cd7-805c-c25d2f54196d" | 496 | "uuid": "d33fbe7b-ca98-4cd7-805c-c25d2f54196d" | ||
| 497 | }, | 497 | }, | ||
| 498 | { | 498 | { | ||
| 499 | "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", | 499 | "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.", | ||
| 500 | "code": "5.3", | 500 | "code": "5.3", | ||
| 501 | "label": "5.3 Anti-malware mechanisms and processes are active. maintained. and monitored.", | 501 | "label": "5.3 Anti-malware mechanisms and processes are active. maintained. and monitored.", | ||
| 502 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 502 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 503 | "referential_label": "PCI DSS 4.0", | 503 | "referential_label": "PCI DSS 4.0", | ||
| 504 | "uuid": "de7526f0-bfdf-46a0-b6cd-bea9fb3ad41f" | 504 | "uuid": "de7526f0-bfdf-46a0-b6cd-bea9fb3ad41f" | ||
| 505 | }, | 505 | }, | ||
| 506 | { | 506 | { | ||
| 507 | "category": "Requirement 1: Install and maintain Network Security Controls", | 507 | "category": "Requirement 1: Install and maintain Network Security Controls", | ||
| 508 | "code": "1.2", | 508 | "code": "1.2", | ||
| 509 | "label": "1.2 Network security controls (NSCs) are configured and maintained.", | 509 | "label": "1.2 Network security controls (NSCs) are configured and maintained.", | ||
| 510 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 510 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 511 | "referential_label": "PCI DSS 4.0", | 511 | "referential_label": "PCI DSS 4.0", | ||
| 512 | "uuid": "df9c7366-838e-4107-951b-b7e1c8cfe80b" | 512 | "uuid": "df9c7366-838e-4107-951b-b7e1c8cfe80b" | ||
| 513 | }, | 513 | }, | ||
| 514 | { | 514 | { | ||
| 515 | "category": "A3 - Designated Entities Supplemental Validation (DESV)", | 515 | "category": "A3 - Designated Entities Supplemental Validation (DESV)", | ||
| 516 | "code": "A3.2", | 516 | "code": "A3.2", | ||
| 517 | "label": "A3.2 PCI DSS scope is documented and validated.", | 517 | "label": "A3.2 PCI DSS scope is documented and validated.", | ||
| 518 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 518 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 519 | "referential_label": "PCI DSS 4.0", | 519 | "referential_label": "PCI DSS 4.0", | ||
| 520 | "uuid": "e1da88c4-6a4b-4e80-a8e8-1927bfb3f985" | 520 | "uuid": "e1da88c4-6a4b-4e80-a8e8-1927bfb3f985" | ||
| 521 | }, | 521 | }, | ||
| 522 | { | 522 | { | ||
| 523 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | 523 | "category": "Requirement 12: Support Information Security with Organizational Policies and Programs", | ||
| 524 | "code": "12.2", | 524 | "code": "12.2", | ||
| 525 | "label": "12.2 Acceptable use policies for end-user technologies are defined and implemented.", | 525 | "label": "12.2 Acceptable use policies for end-user technologies are defined and implemented.", | ||
| 526 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 526 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 527 | "referential_label": "PCI DSS 4.0", | 527 | "referential_label": "PCI DSS 4.0", | ||
| 528 | "uuid": "e3c4b267-059e-4591-8e66-d8241bdeb589" | 528 | "uuid": "e3c4b267-059e-4591-8e66-d8241bdeb589" | ||
| 529 | }, | 529 | }, | ||
| 530 | { | 530 | { | ||
| 531 | "category": "Requirement 3: Protect Stored Account Data.", | 531 | "category": "Requirement 3: Protect Stored Account Data.", | ||
| 532 | "code": "3.5", | 532 | "code": "3.5", | ||
| 533 | "label": "3.5 Primary account number (PAN) is secured wherever it is stored.", | 533 | "label": "3.5 Primary account number (PAN) is secured wherever it is stored.", | ||
| 534 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 534 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 535 | "referential_label": "PCI DSS 4.0", | 535 | "referential_label": "PCI DSS 4.0", | ||
| 536 | "uuid": "e69ac6c5-0858-4bc1-813c-6b58b7f26add" | 536 | "uuid": "e69ac6c5-0858-4bc1-813c-6b58b7f26add" | ||
| 537 | }, | 537 | }, | ||
| 538 | { | 538 | { | ||
| 539 | "category": "A1 - Additional PCI DSS Requirements for Multi-Tenant Service Providerss", | 539 | "category": "A1 - Additional PCI DSS Requirements for Multi-Tenant Service Providerss", | ||
| 540 | "code": "A1.2", | 540 | "code": "A1.2", | ||
| 541 | "label": "A1.2 Multi-tenant service providers facilitate logging and incident response for all customers.", | 541 | "label": "A1.2 Multi-tenant service providers facilitate logging and incident response for all customers.", | ||
| 542 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 542 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 543 | "referential_label": "PCI DSS 4.0", | 543 | "referential_label": "PCI DSS 4.0", | ||
| 544 | "uuid": "e8e297ed-23f7-4903-be2d-0726a26031cd" | 544 | "uuid": "e8e297ed-23f7-4903-be2d-0726a26031cd" | ||
| 545 | }, | 545 | }, | ||
| 546 | { | 546 | { | ||
| 547 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | 547 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | ||
| 548 | "code": "9.5", | 548 | "code": "9.5", | ||
| 549 | "label": "9.5 Point of interaction (POI) devices are protected from tampering and unauthorized substitution.", | 549 | "label": "9.5 Point of interaction (POI) devices are protected from tampering and unauthorized substitution.", | ||
| 550 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 550 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 551 | "referential_label": "PCI DSS 4.0", | 551 | "referential_label": "PCI DSS 4.0", | ||
| 552 | "uuid": "ec550cfe-4f7e-4b0c-91ee-7ed3846db76a" | 552 | "uuid": "ec550cfe-4f7e-4b0c-91ee-7ed3846db76a" | ||
| 553 | }, | 553 | }, | ||
| 554 | { | 554 | { | ||
| 555 | "category": "Requirement 1: Install and maintain Network Security Controls", | 555 | "category": "Requirement 1: Install and maintain Network Security Controls", | ||
| 556 | "code": "1.5", | 556 | "code": "1.5", | ||
| 557 | "label": "1.5 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated.", | 557 | "label": "1.5 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated.", | ||
| 558 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 558 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 559 | "referential_label": "PCI DSS 4.0", | 559 | "referential_label": "PCI DSS 4.0", | ||
| 560 | "uuid": "efdaa881-863d-470a-b6fb-32b32a671145" | 560 | "uuid": "efdaa881-863d-470a-b6fb-32b32a671145" | ||
| 561 | }, | 561 | }, | ||
| 562 | { | 562 | { | ||
| 563 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | 563 | "category": "Requirement 9: Restrict Physical Access to Cardholder Data.", | ||
| 564 | "code": "9.3", | 564 | "code": "9.3", | ||
| 565 | "label": "9.3 Physical access for personnel and visitors is authorized and managed.", | 565 | "label": "9.3 Physical access for personnel and visitors is authorized and managed.", | ||
| 566 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | 566 | "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e", | ||
| 567 | "referential_label": "PCI DSS 4.0", | 567 | "referential_label": "PCI DSS 4.0", | ||
| 568 | "uuid": "fa1e1209-7b93-43e9-bace-461cbcf0f639" | 568 | "uuid": "fa1e1209-7b93-43e9-bace-461cbcf0f639" | ||
| 569 | } | 569 | } | ||
| 570 | ], | 570 | ], | ||
| 571 | "version": 1 | 571 | "version": 1 | ||
| 572 | } | 572 | } |