PCI Requirement 9.6.1 – Classify Media so the Sensitivity of the Data Can Be Determined
PCI Requirement 9.6 – Maintain Control Over the Internal/External Distribution of Any Kind of Media
PCI Requirement 9.6.3 – Ensure Management Approves All Media Moved from a Secured Area
PCI Requirement 9.6.2 – Send the Media by Secured Courier
PCI Requirement 2.1 - Always Change Vendor-Supplied Defaults
PCI Requirement 9.8 – Destroy Media When it is no Longer Needed
PCI Requirement 9.5 – Physically Secure all Media
PCI Requirement 6.1 – Establish a Process to Identify Security Vulnerabilities
PCI Requirement 9.9.2 – Periodically Inspect Device Surfaces to Detect Tampering or Substitution
PCI Requirement 9.9.3 – Provide Training for Personnel to Be Aware of Attempted Tampering of Devices
PCI Requirement 12.8.3 – Ensure there is an Established Process for Engaging Service Providers
PCI Requirement 9.7 – Maintain Strict Control Over the Storage and Accessibility of Media
PCI Requirement 12.8.4 and 12.8.5 – Monitor Service Providers’ PCI DSS Compliance Status
PCI Requirement 9.8.1 – Shred Hard-Copy Materials so CHD Cannot be Reconstructed
PCI Requirement 6.5.9 – Cross-Site Request Forgery
PCI Requirement 10.2.2 – All Actions Taken by Any Individual with Root or Administrative Privileges
PCI Requirement 12.6 – Implement a Formal Security Awareness Program
PCI Requirement 9.9 – Protect Devices That Capture Payment Card Data via Direct Physical Interaction
PCI Requirement 9.9.1 – Maintain an Up-To-Date List of Devices
PCI Requirement 3.3 Mask PAN when Displayed
