PCI PIN Security v3.1

PIN Security Requirements:
1-2 Key-injection facilities must only inject keys using equipment that conforms to the requirements for SCDs.
Testing Procedures:
1-2. Examine documented procedures and system documentation to verify that key-injection platforms and systems used for managing cryptographic keys are required to conform to the requirements for SCDs. 

PIN Security Requirements:
1-3 Ensure that all hardware security modules (HSMs) are either: 

PIN Security Requirements:
1-4 The approval listing must match the deployed devices in the following characteristics: 

1-4.a For all PCI-approved HSMs used, examine HSM devices and examine the PCI SSC list of Approved PCI PTS Devices to verify that all of the following device characteristics match the PCI PTS listing for each HSM: 

1-4.b For all FIPS-approved HSMs used, examine HSM devices and review the NIST Cryptographic Module Validation Program (CMVP) list to verify that all of the following device characteristics match the FIPS140-2 or FIPS 140-3 Level 3 (or higher) approval listing for each HSM: 

PIN Security Requirements:
1-5 The KIF platform provider maintains documentation detailing the KIF architecture and key-management flows. The platform provider must: 

1-5.a Interview relevant personnel and examine documentation to verify that procedures exist for maintaining documentation that describes and/or illustrates the architecture of the KIF.
1-5.b Interview relevant personnel and examine documentation that describes and/or illustrates the architecture of the KIF to verify that all KIF components, key-management flows, and personnel interaction with key-management flows are identified and documented.
1-5.c Examine the key-management flows and interview personnel to verify: