Source: www.pcisecuritystandards.org (XLSX, 0.33 MB)
Sheet 1: Instructions
PCI Security Standards Council Prioritized Approach Tool
Release Notes & Instructions
June 2018

Contents: 2 spreadsheets (see tabs at bottom of this page)
· Prioritized Approach Milestones
· Prioritized Approach Summary

Purpose:
Tool for tracking progress toward compliance with PCI DSS by using the Prioritized Approach. Also provides a sorting tool to analyze progress by PCI DSS requirement, milestone category, or milestone status.

Step 1:
Please indicate "Yes", "No", or "N/A" in Column C of the "Prioritized Approach Milestones" spreadsheet tab. This step will auto-populate the "percentage complete" fields on the "Prioritized Approach Summary" spreadsheet tab.

Step 2:
Analyze results. Use the "filter" functions on column headers of the "Prioritized Approach Milestones" spreadsheet tab to select any of the six milestones.

Step 3:
Complete the contact information on the "Prioritized Approach Summary" tab. You may share this document with your acquirer or Qualified Security Assessor to provide an assessment of the progress your organization has made toward PCI DSS compliance. You may also manually enter an estimated completion date for each milestone phase. Check with your acquirer for specific submission instructions.

IMPORTANT NOTE ABOUT ACHIEVING PCI DSS COMPLIANCE:
Achieving PCI DSS compliance requires an organization to successfully meet ALL applicable PCI DSS requirements, regardless of the order in which they are satisfied, or whether the organization seeking compliance follows the PCI DSS Prioritized Approach. The Prioritized Approach is a tool provided to assist organizations seeking to achieve compliance, but it does not, and is not intended in any manner to, modify or abridge the PCI DSS or any of its requirements.

All information published by PCI SSC for the Prioritized Approach is subject to change without notice. PCI SSC is not responsible for errors or damages of any kind resulting from the use of the information contained therein. PCI SSC makes no warranty, guarantee, or representation as to the accuracy or sufficiency of the information provided as part of the Prioritized Approach, and PCI SSC assumes no responsibility or liability regarding the use or misuse of such information.
Sheet 2: Prioritized Approach Summary

Part 1: Merchant or Service Provider Information
Company Name
DBA(s)
Contact Name
Title
Phone
Business Address
City
State/Province
Country
Zip
Company URL
List facilities and locations included in PCI DSS Review:

Part 2a: Merchant Business (Check all that apply)

Part 2b: Services Provider Business (Check all that apply)

Part 3: Relationships
Does your company have a relationship with one or more third-party agents (Ex: gateways, web-hosting companies, airline booking agents, loyalty program agents, etc.)?
Does your company have a relationship with more than one acquirer?

Part 4: Transaction Processing
Payment Application in use
Payment Application Version
| Milestone | Goals | Percent Complete | Estimated Date for Completion of Milestone |
|---|---|---|---|
| 1 | Remove sensitive authentication data and limit data retention. This milestone targets a key area of risk for entities that have been compromised. Remember – if sensitive authentication data and other cardholder data are not stored, the effects of a compromise will be greatly reduced. If you don't need it, don't store it. | 0.0% | |
| 2 | Protect systems and networks, and be prepared to respond to a system breach. This milestone targets controls for the points of access used in most compromises, and the processes for responding. | 0.0% | |
| 3 | Secure payment card applications. This milestone targets controls for applications, application processes, and application servers. Weaknesses in these areas offer easy prey for compromising systems and obtaining access to cardholder data. | 0.0% | |
| 4 | Monitor and control access to your systems. Controls for this milestone allow you to detect who is accessing your network and cardholder data environment, and what, when, and how. | 0.0% | |
| 5 | Protect stored cardholder data. For those organizations that have analyzed their business processes and determined that they must store Primary Account Numbers, Milestone Five targets key protection mechanisms for that stored data. | 0.0% | |
| 6 | Finalize remaining compliance efforts, and ensure all controls are in place. The intent of Milestone Six is to complete PCI DSS requirements, and to finalize all remaining related policies, procedures, and processes needed to protect the cardholder data environment. | 0.0% | |
| Overall | | 0.0% | |
An entity submitting this form may be required to complete an Action Plan. Check with your acquirer or the payment brand(s), since not all payment brands require this section.

Part 5: Target Date for Achieving Full PCI DSS Compliance: Date

Part 6: Merchant or Service Provider Acknowledgements
Signature of Executive Officer: Date