PCI Requirement 12.8.2 - Service Providers are Responsible for the Security of Cardholder Data
PCI v4.0 - 12.8.2: Maintain Written Requirements with Third-Party Service Providers
PCI Requirement 12.8.3 – Ensure there is an Established Process for Engaging Service Providers
PCI Requirement 12.8 – Maintain Policies and Procedures to Manage Service Providers
PCI Requirement 12.8.4 and 12.8.5 – Monitor Service Providers’ PCI DSS Compliance Status
Introduction to PCI Requirement 2
PCI Requirement 12.8 & 12.8.1 – Manage Service Providers with Cardholder Data Access
PCI Requirement 12.6.2 – Require Personnel to Read and Understand Security Policies and Procedures
PCI Requirement 9.9.2 – Periodically Inspect Device Surfaces to Detect Tampering or Substitution
PCI Requirement 12.9 – Service Providers are Responsible for the Security of Cardholder Data
PCI Requirement 12.5 – Assign Information Security Management Responsibilities to a Team
PCI Requirement 12.5.3 – Establish Security Incident Response and Escalation Procedures
PCI Requirement 8.6 – Authentication Mechanisms Must Not Be Shared Among Multiple Accounts
PCI Requirement 12.3.1 – Explicit Approval by Authorized Parties
What to Include in a Written Contract with Service Providers
PCI Requirements 3.2.1, 3.2.2 & 3.2.3 Do Not Store Tracks, Codes or PINs After Authorization
PCI Requirement 11.2.2 – Perform Quarterly External Vulnerability Scans
PCI Requirement 12.4.1 – Executive Management Shall Establish Responsibility
PCI Requirement 12.6 – Implement a Formal Security Awareness Program
PCI Requirement 9.7 – Maintain Strict Control Over the Storage and Accessibility of Media