Куда я попал?
Framework № PCI DSS 4.0 от 01.03.2022
Payment Card Industry Data Security Standard (RU)
Requirement 3.3.1.1
Для проведения оценки соответствия по документу войдите в систему.
Список требований
Похожие требования
Приказ ФСТЭК России № 21 от 18.02.2013 "Состав и содержание мер по обеспечению безопасности персональных данных, необходимых для обеспечения каждого из уровней защищенности персональных данных":
ОПС.4
ОПС.4 Управление временными файлами, в том числе запрет, разрешение, перенаправление записи, удаление временных файлов
Framework № PCI DSS 4.0 от 01.03.2022 "Payment Card Industry Data Security Standard":
Requirement 3.3.1.1
3.3.1.1
Defined Approach Requirements:
The full contents of any track are not retained upon completion of the authorization process.
Customized Approach Objective:
This requirement is not eligible for the customized approach.
Applicability Notes:
In the normal course of business, the following data elements from the track may need to be retained:
Defined Approach Requirements:
The full contents of any track are not retained upon completion of the authorization process.
Customized Approach Objective:
This requirement is not eligible for the customized approach.
Applicability Notes:
In the normal course of business, the following data elements from the track may need to be retained:
- Cardholder name.
- Primary account number (PAN).
- Expiration date.
- Service code.
To minimize risk, store securely only these data elements as needed for business.
Defined Approach Testing Procedures:
Defined Approach Testing Procedures:
- 3.3.1.1 Examine data sources to verify that the full contents of any track are not stored upon completion of the authorization process.
Purpose:
If full contents of any track (from the magnetic stripe on the back of a card if present, equivalent data contained on a chip, or elsewhere) is stored, malicious individuals who obtain that data can use it to reproduce payment cards and complete fraudulent transactions.
Definitions:
Full track data is alternatively called full track, track, track 1, track 2, and magnetic-stripe data. Each track contains a number of data elements, and this requirement specifies only those that may be retained post-authorization.
Examples:
Data sources to review to ensure that the full contents of any track are not retained upon completion of the authorization process include, but are not limited to:
If full contents of any track (from the magnetic stripe on the back of a card if present, equivalent data contained on a chip, or elsewhere) is stored, malicious individuals who obtain that data can use it to reproduce payment cards and complete fraudulent transactions.
Definitions:
Full track data is alternatively called full track, track, track 1, track 2, and magnetic-stripe data. Each track contains a number of data elements, and this requirement specifies only those that may be retained post-authorization.
Examples:
Data sources to review to ensure that the full contents of any track are not retained upon completion of the authorization process include, but are not limited to:
- Incoming transaction data.
- All logs (for example, transaction, history, debugging, error).
- History files.
- Trace files.
- Database schemas.
- Contents of databases, and on-premise and cloud data stores.
- Any existing memory/crash dump files.
Приказ ФСТЭК России № 17 от 11.02.2013 "Требования о защите информации, не составляющей государственную тайну, содержащейся в государственных информационных системах":
ОПС.4
ОПС.4 Управление временными файлами, в том числе запрет, разрешение, перенаправление записи, удаление временных файлов
Связанные защитные меры
Ничего не найдено
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.