| DOCUMENT NAME |
| --- |
| [[1.1.1 evidence set]] Requirement 1.1.1. Security Policies and Operational Procedures Management Verification Interviews |
| [[1.1.2 evidence set]] Requirement 1.1.2.b Roles and Responsibilities for Requirement 1 Activities Understanding Verification Interviews |
| [[1.2.3 evidence set]] Requirement 1.2.3.b Network Diagrams Accuracy and Update Verification Interviews |
| [[1.2.4 evidence set]] Requirement 1.2.4.b Data Flow Diagrams Accuracy and Update Verification Interviews |
| [[1.2.7 evidence set]] Requirement 1.2.7.b NSC Configuration Review Frequency Verification Interviews |
| [[1.4.5 evidence set]] Requirement 1.4.5.b Internal IP and Routing Information Disclosure Control Verification Interviews |
| [[1.5.1 X evidence set]] Requirement 1.5.1.a Dual-Connected Devices Security Controls Implementation Verification Interviews |
| [[2.1.1 evidence set]] Requirement 2.1.1. Security Policies and Operational Procedures for Requirement 2 Management Verification Interviews |
| [[2.1.2 evidence set]] Requirement 2.1.2.b Roles and Responsibilities for Requirement 2 Activities Understanding Verification Interviews |
| [[2.2.1 evidence set]] Requirement 2.2.1.b System Configuration Standards Update Process Verification Interviews |
| [[2.2.1 evidence set]] Requirement 2.2.1.c New Systems Configuration Standards Application Verification Interviews |
| [[2.2.2 evidence set]] Requirement 2.2.2.c Unused Vendor Default Accounts Management Verification Interviews |
| [[2.2.6 evidence set]] Requirement 2.2.6.b System Administrators and Security Managers Knowledge on Security Parameter Settings Verification Interviews |
| [[2.2.7 evidence set]] Requirement 2.2.7.d Strong Cryptography Implementation Knowledge Verification Interviews |
| [[2.3.2 evidence set]] Requirement 2.3.2. Wireless Encryption Key Management Verification Interviews |
| [[3.1.1 evidence set]] Requirement 3.1.1. Security Policies and Operational Procedures for Requirement 3 Management Verification Interviews |
| [[3.1.2 evidence set]] Requirement 3.1.2.b Roles and Responsibilities for Requirement 3 Activities Understanding Verification Interviews |
| [[3.4.2 evidence set]] Requirement 3.4.2.c Authorized Personnel for PAN Copy and Relocation in Remote-Access Technologies Verification Interviews |
| [[3.5.1.3 evidence set]] Requirement 3.5.1.3.b Authentication Factors Independent Storage and Security Verification Interviews |
| [[3.6.1.1 evidence set]] Requirement 3.6.1.1. Service Provider Cryptographic Architecture Documentation Verification Interviews |
| [[3.7.4 evidence set]] Requirement 3.7.4.b Cryptographic Key Cryptoperiod Expiration Management Verification Interviews |
| [[3.7.5 evidence set]] Requirement 3.7.5.b Key Management Processes Implementation Verification Interviews |
| [[3.7.6 evidence set]] Requirement 3.7.6.b Manual Cleartext Key Management with Split Knowledge and Dual Control Verification Interviews |
| [[3.7.7 evidence set]] Requirement 3.7.7.b Unauthorized Key Substitution Prevention Measures Verification Interviews |
| [[4.1.1 evidence set]] Requirement 4.1.1. Security Policies and Operational Procedures for Requirement 4 Management Verification Interviews |
| [[4.1.2 evidence set]] Requirement 4.1.2.b Roles and Responsibilities for Requirement 4 Activities Understanding Verification Interviews |
| [[5.1.1 evidence set]] Requirement 5.1.1. Security Policies and Operational Procedures for Requirement 5 Management Verification Interviews |
| [[5.1.2 evidence set]] Requirement 5.1.2.b Roles and Responsibilities for Requirement 5 Activities Understanding Verification Interviews |
| [[5.2.3 evidence set]] Requirement 5.2.3.b Malware Risk Evaluation Process Implementation Verification Interviews |
| [[5.2.3.1 evidence set]] Requirement 5.2.3.1.b Periodic Malware Risk Evaluation Process Adherence Verification Interviews |
| [[5.3.2.1 evidence set]] Requirement 5.3.2.1.b Periodic Malware Scan Frequency Implementation Verification Interviews |
| [[5.3.5 evidence set]] Requirement 5.3.5.b Authorization and Documentation for Anti-Malware Mechanism Alteration Verification Interviews |
| [[6.1.1 evidence set]] Requirement 6.1.1. Security Policies and Operational Procedures for Requirement 6 Management Verification Interviews |
| [[6.1.2 evidence set]] Requirement 6.1.2.b Roles and Responsibilities for Requirement 6 Activities Understanding Verification Interviews |
| Requirement 6.2.2.b Bespoke and Custom Software Development Personnel Training Compliance Verification Interviews |
| Requirement 6.2.3.1.b Manual Code Review Implementation in Bespoke and Custom Software Development Verification Interviews |
| Requirement 6.2.4. Software Attack Mitigation Techniques Implementation in Bespoke and Custom Software Development Verification Interviews |
| Requirement 6.3.1.b Security Vulnerability Management Implementation Verification Interviews |
| Requirement 6.4.2. Automated Web Attack Prevention Technical Solution Implementation Verification Interview |
| Requirement 6.4.3.b Payment Page Scripts Management in Consumer Browser Verification Interview |
| Requirement 6.5.2. PCI DSS Requirements Confirmation in System and Network Changes Verification Interview |
| Requirement 6.5.4.b Change Deployment Accountability and Role Separation Verification Interview |
| Requirement 6.5.5.b Compliance Verification for Live PANs Usage in Pre-Production Environments Interview |
| Requirement 6.5.6.b Test Data and Accounts Removal Verification Interview for Software |
| [[7.1.1 evidence set]] Requirement 7.1.1. Security Policies and Procedures for Requirement 7 Management Verification Interviews |
| [[7.1.2 evidence set]] Requirement 7.1.2.b Roles and Responsibilities for Requirement 7 Activities Understanding Verification Interviews |
| [[7.2.2 evidence set]] Requirement 7.2.2.b Privileged Access Assignment Management Verification Interview |
| [[7.2.2 evidence set]] Requirement 7.2.2.c Privileged User Access Assignment Process Verification Interview |
| [[7.2.4 evidence set]] Requirement 7.2.4.b User Accounts Review Process Compliance Verification Interview |
| [[7.2.5 evidence set]] Requirement 7.2.5.b System and Application Accounts Management Verification Interview |
| [[7.2.5.1 evidence set]] Requirement 7.2.5.1.c Periodic Account Review Process Compliance Verification Interview |
| [[8.1.1 evidence set]] Requirement 8.1.1. Security Policies and Procedures for Requirement 8 Management Verification Interviews |
| [[8.1.2 evidence set]] Requirement 8.1.2.b Roles and Responsibilities for Requirement 8 Activities Understanding Verification Interview |
| Requirement 8.2.1.a Unique User ID Assignment Verification Interview |
| Requirement 8.2.2.c Shared Authentication Credentials Usage Compliance Verification Interview |
| Requirement 8.2.3. Service Provider Unique Authentication for Customer Remote Access Compliance Verification Interview |
| Requirement 8.2.5.b Physical Authentication Factors Retrieval for Terminated Users Verification Interview |
| Requirement 8.2.6. Inactive User Accounts Management Compliance Verification Interview |
| Requirement 8.2.7. Third Party Remote Access Account Management Verification Interview |
| Requirement 8.3.8.c User Familiarity with Authentication Policies Procedures Verification Interview |
| Requirement 8.3.1.1.b Individual User Authentication Factor Assignment Verification Interview |
| [[12.1.1 evidence set]] Requirement 12.1.1. Personnel Information Security Policy Management Interviews |
| [[12.1.2 evidence set]] Requirement 12.1.2. Personnel Information Security Policy Management Interviews |
| Requirement 12.1.3.b Personnel Information Security Responsibilities Understanding |
| Requirement 12.2.1. Personnel Acceptable Use Policy Processes Interviews |
| Requirement 12.3.3. Personnel Cryptographic Documentation Review Interviews |
| Requirement 12.3.4. Personnel Hardware and Software Review Interviews |
| Requirement 12.4.2.b Service Provider Personnel Review Process Interviews |
| Requirement 12.5.1.b Inventory Currency Verification Interviews |
| Requirement 12.5.2.a Scope Review Procedure Verification Interviews |
| Requirement 12.5.2.1.a Service Provider Scope Review Procedure Verification Interviews |
| Requirement 12.5.3.b Service Provider Organizational Structure Change Impact Review Process Interviews |
| Requirement 12.6.2. Security Awareness Program Compliance Verification Interviews |
| Requirement 12.6.3.c Personnel Security Awareness Training Completion Interviews |
| Requirement 12.8.3.b TPSP Engagement Due Diligence Process Verification Interviews |
| Requirement 12.8.4.b TPSP Compliance Status Monitoring Verification Interviews |
| Requirement 12.8.5.b TPSP and Entity PCI DSS Responsibilities Management Verification Interviews |
| Requirement 12.10.1.b Incident Response Plan Adherence Verification Interviews |
| Requirement 12.10.2. Security Incident Response Plan Annual Review and Testing Verification Interviews |
| Requirement 12.10.3. Incident Response Personnel 24/7 Availability Verification Interviews |
| Requirement 12.10.4. Incident Response Personnel Training Verification Interviews |
| Requirement 12.10.4.1.b Incident Response Personnel Training Frequency Verification Interviews |
| Requirement 12.10.6.b Incident Response Plan Update Process Verification Interviews |
| Requirement 12.10.7.b Unexpected PAN Detection Incident Response Verification Interviews |