Loading...
HomeMy WebLinkAboutLeaseLAG-24-003   ƉƉƌŽǀĞĚďLJŚĞƌLJůĞLJĞƌǀŝĂĞŵĂŝůϰͬϮϲͬϮϬϮϰ PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page i PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 1 Payment Card Industry Data Security Standard (PCI DSS) Requirements and Testing Procedures PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 2 it is not clear whether a category could apply to the assessed service, consult with the entity(ies) to which this AOC will be submitted. PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 3 PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 4 For example: Connections into and out of the cardholder data environment (CDE). PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 5 Critical system components within the CDE, such as POI devices, databases, web servers, etc., and any other necessary payment components, as applicable. System components that could impact the security of account data. Example: Data centers 3 Boston, MA, USA PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 6 PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 7 () Requirement 12.8 applies to all entities in this list. PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 8 Indicate below all responses provided within each principal PCI DSS requirement. PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 9 This is the first date that evidence was gathered, or observations were made. This is the last date that evidence was gathered, or observations were made. PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 10 (Date of Report as noted in the ROC 2024-02-07) (select one) (Service Provider Company Name) (Service Provider Company Name) If selected, complete the following: PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 11 PCI DSS Signature of Service Provider Executive Officer Signature of Lead QSA Signature of Duly Authorized Officer of QSA Company 07-Feb-2024 07-Feb-2024 PCI DSS v4.0 Attestation of Compliance for Report on Compliance - Service Providers r1 December 2022 © 2006 - 2022 PCI Security Standards Council, LLC. All rights reserved. Page 12 Only complete Part 4 upon request of the entity to which this AOC will be submitted, and only if the Assessment has Non-Compliant results noted in Section 3.