PCI Requirement 12.3.10 – Prohibit the Moving of Cardholder Data onto Local Hard Drives
PCI Requirement 12.3.6 – Acceptable Network Locations for the Technologies
PCI Requirement 12.3.2 – Authentication for Use of the Technology
PCI Requirement 12.3.9 – Activation of Remote-Access Technologies for Vendors and Business Partners
PCI Requirement 12.3.3 – A List of All Such Devices and Personnel with Access
PCI Requirement 12.3.5 – Acceptable Uses of the Technology
PCI Requirement 12.3.8 – Automatic Disconnect of Sessions for Remote-Access Technologies
Policy to Prohibit Cardholder Data on Remote Technology
PCI Requirement 10.8 –Implement a Process for the Detection of Failures of Critical Control Systems
PCI Requirement 12.10.2 – Review and Test the Plan at Least Annually
PCI Requirement 12.9 – Service Providers are Responsible for the Security of Cardholder Data
PCI Requirement 3.1 - Keep Cardholder Data Storage to a Minimum
Establishing the Scope of your Cardholder Data Environment
PCI DSS 3.2: Req. 6.4.6
PCI Requirement 12.6.2 – Require Personnel to Read and Understand Security Policies and Procedures
PCI Requirement 12.8.3 – Ensure there is an Established Process for Engaging Service Providers
PCI Requirement 3.5.3 Store Secret and Private Keys Used to Encrypt/decrypt Cardholder Data
PCI Requirement 3.5 Document & implement procedures to protect keys
PCI Requirement 11.5 – Deploy a Change-Detection Mechanisms to Alert Personnel
PCI Requirement 6.3.2 – Review Custom Code Prior to Release
