PCI PIN Security v3.1

PIN Security Requirements:
21-1 Secret or private keys must only exist in one or more of the following forms: 

PIN Security Requirements:
21-2.1 Knowledge of any one key component/share does not convey any knowledge of any part of the actual cryptographic key.
Testing Procedures:
21-2.1 Examine processes for creating key components/shares to verify that knowledge of any one key component/share does not convey any knowledge of any part of the actual cryptographic key. 

PIN Security Requirements:
21-2.2 Construction of the cryptographic key requires the use of at least two key components/shares.
Testing Procedures:
21-2.2 Observe processes for constructing cryptographic keys to verify that at least two key components/shares are required for each key construction. 

PIN Security Requirements:
21-2.3 Each key component/share has one or more specified authorized custodians.
Testing Procedures:
21-2.3.a Examine documented procedures for the use of key components/shares and interview key custodians and key-management supervisory personnel to verify that each key component/share is assigned to a specific individual, or set of individuals, who are designated as key custodians for that component/share.
21-2.3.b Observe key-component/share access controls and key-custodian authorizations/assignments to verify that all individuals with access to key components/shares are designated as key custodians for those components/shares. 

PIN Security Requirements:
21-2.4 Procedures exist to ensure that no custodian ever has access to sufficient key components or shares of a secret or private key to reconstruct a cryptographic key.
For example, in an m-of-n scheme (which must use a recognized secretsharing scheme such as Shamir), where only two of any three shares are required to reconstruct the cryptographic key, a custodian must not have current or prior knowledge of more than one share. If a custodian was previously assigned share A, which was then reassigned, the custodian must not then be assigned share B or C, as this would give them knowledge of two shares, which gives them ability to recreate the key.
In an m-of-n scheme where n=5 and where three shares are required to reconstruct the cryptographic key, a single custodian may be permitted to have access to two of the key shares (for example, share A and share B); and a second custodian (with, in this example, share C) would be required to reconstruct the final key, ensuring that dual control is maintained
Testing Procedures:
21-2.4.a Examine documented procedures for the use of key components/shares to verify that procedures ensure that any custodian never has access to sufficient key components or shares to reconstruct a secret or private cryptographic key.
21-2.4.b Examine key-component/share access controls and access logs to verify that authorized custodians cannot access sufficient key components or shares to reconstruct a secret or private cryptographic key. 

PIN Security Requirements:
21-3.1 Key components that exist in clear text outside of an SCD must be sealed in individual opaque, pre-numbered, tamper-evident, authenticable packaging that prevents the determination of the key component without noticeable damage to the packaging.
Note: Tamper-evident, authenticable packaging—opacity may be envelopes within tamper-evident packaging—used to secure key components must ensure that the key component cannot be determined. For components written on paper, opacity may be sufficient, but consideration must be given to any embossing or other possible methods to “read” the component without opening of the packaging. Similarly, if the component is stored on a magnetic card, or other media that can be read without direct physical contact, the packaging should be designed to prevent such access to the key component.
Testing Procedures:
21-3.1.a Examine key components and storage locations to verify that components are stored in opaque, pre-numbered, tamper-evident packaging that prevents the determination of the key component without noticeable damage to the packaging.
21-3.1.b Inspect any tamper-evident packaging used to secure key components—e.g., is the package sufficiently opaque to prevent reading of a component—and ensure that it prevents the determination of the key component without visible damage to the packaging.
21-3.1.c Ensure clear-text key components do not exist in non-secure containers such as databases or in software programs.
21-3.1.d Confirm that start-up instructions and other notes used by service technicians do not contain initialization-key values written in the clear (e.g., at the point in the checklist where the keys are entered). 

PIN Security Requirements:
21-3.2 Key components/shares for each specific custodian must be stored in a separate, secure container that is accessible only by the custodian and/or designated backup(s).
Note: Furniture-based locks or containers with a limited set of unique keys— for example, desk drawers—are not sufficient to meet this requirement. Components/shares for a specific key that are stored in separate envelopes, but within the same secure container, place reliance upon procedural controls and do not meet the requirement for physical barriers
Testing Procedures:
21-3.2 Inspect each key component/share storage container and verify the following: 

PIN Security Requirements:
21-3.3 If a key component/share is stored on a token, and an access code (e.g., a PIN or similar access-control mechanism) is used to access the token, only that token’s owner⎯or designated backup(s)⎯must have possession of both the token and its access code.
Testing Procedures:
21-3.3 Interview responsible personnel and observe implemented processes to verify that if a key is stored on a token, and an access code (PIN or similar mechanism) is used to access the token, only that token’s owner—or designated backup(s)—has possession of both the token and its access code.