PCI Requirement 12.8.3 – Ensure there is an Established Process for Engaging Service Providers
PCI v4.0 - 12.8.3: Establish a Process for Engaging with Third-Party Service Providers
PCI Requirement 12.8.4 and 12.8.5 – Monitor Service Providers’ PCI DSS Compliance Status
PCI Requirement 12.8 – Maintain Policies and Procedures to Manage Service Providers
PCI Requirement 12.8.2 - Service Providers are Responsible for the Security of Cardholder Data
PCI Requirement 12.3.3 – A List of All Such Devices and Personnel with Access
PCI Requirement 12.3.8 – Automatic Disconnect of Sessions for Remote-Access Technologies
PCI Requirement 9.6.3 – Ensure Management Approves All Media Moved from a Secured Area
PCI Requirement 12.5.3 – Establish Security Incident Response and Escalation Procedures
PCI Requirement 12.3.4 – A Method to Accurately Determine Owner, Contact Information, and Purpose
PCI Requirement 12.3.2 – Authentication for Use of the Technology
PCI Requirement 9.9.3 – Provide Training for Personnel to Be Aware of Attempted Tampering of Devices
PCI Requirement 9.8 – Destroy Media When it is no Longer Needed
My Understanding of Scoping and Segmentation PCI DSS 3.2.1
PCI Requirement 9.8.2 – Render CHD on Electronic Media Unrecoverable
PCI Requirement 12.3.5 – Acceptable Uses of the Technology
PCI Requirement 3.1 - Keep Cardholder Data Storage to a Minimum
PCI Requirement 12.3.1 – Explicit Approval by Authorized Parties
PCI Requirement 12.3.9 – Activation of Remote-Access Technologies for Vendors and Business Partners
PCI Requirement 12.4 – Ensure Security Policies & Procedures Define Responsibilities for All
