PCI PIN Security v3.1

PIN Security Requirements:
24-1 Instances of secret or private keys, and their key components, that are no longer used or that have been replaced by a new key must be destroyed.
Testing Procedures:
24-1.a Verify documented procedures are in place for destroying secret or private keys and their components that are no longer used or that have been replaced by a new key.
24-1.b Identify a sample of keys and key components that are no longer used or have been replaced. For each item in the sample, interview responsible personnel and examine key-history logs and key-destruction logs to verify that all keys have been destroyed.
24-1.c Examine storage locations for the sample of destroyed keys to verify they are no longer kept. 

PIN Security Requirements:
24-2.1 Keys on all other storage media types in all permissible forms— physically secured, enciphered (except for electronic DB backups of cryptograms), or components—must be destroyed following the procedures outlined in ISO–9564 or ISO–11568.
For example, keys (including components or shares) maintained on paper must be burned, pulped, or shredded in a crosscut shredder.
Testing Procedures:
24-2.1.a Examine documented procedures for destroying keys and confirm that keys on all other storage media types in all permissible forms—physically secured, enciphered, or components—must be destroyed following the procedures outlined in ISO–9564 or ISO–11568.
24-2.1.b Observe key-destruction processes to verify that keys on all other storage media types in all permissible forms—physically secured, enciphered, or components—are destroyed following the procedures outlined in ISO–9564 or ISO–11568. 

PIN Security Requirements:
24-2.2 The key-destruction process must be observed by a third party other than the custodians of any component of that key. I.e., the third party must not be a key custodian for any part of the key being destroyed. The third-party witness must sign an affidavit of destruction, and this affidavit is retained for a minimum of two years.
Testing Procedures:
24-2.2.a Observe the key-destruction process and verify that it is witnessed by a third party other than a key custodian for any component of that key.
24-2.2.b Inspect key-destruction logs and verify that a third-party, non-keycustodian witness signs an affidavit as a witness to the key destruction process. 

PIN Security Requirements:
24-2.3 Key components for keys other than the HSM or KLD MFKs that have been successfully loaded and confirmed as operational must also be destroyed, unless the HSM does not store the encrypted values on a DB but only stores the subordinate keys internal to the HSM. BDKs used in KLDs may also be stored as components where necessary to reload the KLD.
Testing Procedures:
24-2.3.a Verify documented procedures exist for destroying key components of keys once the keys are successfully loaded and validated as operational.
24-2.3.b Observe key-conveyance/loading processes to verify that any key components are destroyed once the keys are successfully loaded and validated as operational.