PCI Requirement 9.9.2 – Periodically Inspect Device Surfaces to Detect Tampering or Substitution
PCI Requirement 9.9.3 – Provide Training for Personnel to Be Aware of Attempted Tampering of Devices
PCI Requirement 9.9 – Protect Devices That Capture Payment Card Data via Direct Physical Interaction
PCI Paula
PCI Requirement 9.6.2 – Send the Media by Secured Courier
PCI Requirement 9.5 – Physically Secure all Media
PCI Requirement 12.8.3 – Ensure there is an Established Process for Engaging Service Providers
PCI Requirements 3.2.1, 3.2.2 & 3.2.3 Do Not Store Tracks, Codes or PINs After Authorization
PCI Requirement 9.8 – Destroy Media When it is no Longer Needed
PCI Requirement 9.7 – Maintain Strict Control Over the Storage and Accessibility of Media
PCI Requirement 9.6.1 – Classify Media so the Sensitivity of the Data Can Be Determined
PCI Requirement 12.8.4 and 12.8.5 – Monitor Service Providers’ PCI DSS Compliance Status
PCI Requirement 11 - Regularly Test Security Systems & Processes
PCI Requirement 12.3.1 – Explicit Approval by Authorized Parties
PCI Requirement 9.6 – Maintain Control Over the Internal/External Distribution of Any Kind of Media
PCI Requirement 12.8.2 - Service Providers are Responsible for the Security of Cardholder Data
PCI Requirement 12.6 – Implement a Formal Security Awareness Program
PCI Requirement 9.8.2 – Render CHD on Electronic Media Unrecoverable
PCI Requirement 11.2.1 – Perform Quarterly Internal Vulnerability Scans
PCI Requirement 12.10.1 – Create the Incident Response Plan to Be Implemented