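1.4 Cardholder Data Environment (CDE): the people, processes, or technology that store, process, or transmit cardholder data or sensitive authentication data. 2. Applicable scenarios: The PCI DSS standard applies to any business that accepts, processes, stores, or transmits cardholder data, so the following types of businesses must meet the standard's requirements: merchants of all sizes; financial institutions; payment service providers, including hardware and software providers; point of sale (...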
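The PCI Data Security Standard (DSS) provides a common set of industry tools and methods for safeguarding sensitive information. The prototype of the standard comes from VISA's Account Information Security (AIS) / Cardholder Information Security (CISP) programs and MasterCard's Site Data Protection (SDP) program. The security standard provides a relatively highly reliable...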
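Cardholder - a customer to whom a card has been issued or who is authorized to use that card. Terms and Abbreviations 2 Term / Definition: Cardholder data - the full magnetic stripe, or the PAN plus the following information: cardholder name, expiration date, service code. Cardholder data environment; Card Validation Value or Code; Compensating controls. Cardholder data environment - the ... that processes cardholder data or confidential authentication data...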
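Cardholder data environment: The cardholder data environment comprises the people, processes, and technologies that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD). "System components" include network devices, servers, computing devices, and applications. Examples of system components include, but are not limited to: ▪ Providing security services (for example, authentication servers), facilitating segmentation (for example, internal firewalls), or possibly affecting the CDE's ...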
PCI DSS applies wherever cardholder data (CHD) and/or sensitive authentication data (SAD) is stored, processed or transmitted, irrespective of whether it is pre-authorization or post-authorization. There are no specific rules in PCI DSS regarding how long CHD or SAD can be stored prior to auth...
https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/How-does-encrypted-cardholder-data-impact-PCI-DSS-scope?q=how+does+encrypted+data+impact+the+scope&l=en_US&fs=Search& It says: The following are each in scope for PCI DSS: Systems performing encryption...
Source: PCI DSS v3.2.1 page 8. Why are data flow diagrams needed? The creation of network and data flow diagram(s) that define the CDE (Cardholder Data Environment diagrams) is one of the most important first steps for any organisation trying to determine Account Data use across their people, locations, func...
Applicability Information: Clarified that some PCI DSS requirements may apply for entities that do not store, process, or transmit primary account number (PAN). Clarified that terms account data, sensitive authentication data (SAD), cardholder data, and PAN are not interchangeable and are used intentionally in ...
In this course, PCI DSS: The State of Cardholder Data Attacks, John Elliott and Aaron Willis dive into data breaches and the development of the PCI DSS. Learn all about the criminals’ ways of working from an experienced PFI, discover the control failures that typically give criminals the opp...