CHAPTER 10: PROCEDURES AND QUALIFICATIONS

The PCI SSC mandates the procedures that must be followed in conducting audits and in carrying out scanning procedures. It also lays down specific requirements for qualification as a QSA or an ASV.

PCI DSS Validation Requirements for Qualified Security Assessors (QSAs) v 1.2.

www.pcisecuritystandards.org/documents/qsa_validation_requirements.pdf

To be recognised as a QSA by the PCI SSC, QSAs must meet or exceed the requirements described in the above document and must also execute the QSA Agreement in Appendix A with the PCI Council. Clients can provide feedback on the effectiveness of the QSA.

QSA Feedback Form

www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors_feedback

QSA feedback is completed online.

PCI DSS Qualified Security Assessors

www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors

This list, which is updated on a regular basis, contains contact details for all Qualified Security Assessors, together with information about the markets they serve. Alternatively, you can look up individual assessors in the PSI SSC’s database.

PCI DSS Validation Requirements for Approved Scanning Vendors (ASVs) v 2.0

www.pcisecuritystandards.org/documents/asv_validation_requirements_v2.0.pdf

Recognition as an ASV by the PCI Council requires the ASV, its employees, and its scanning solution to meet or exceed the requirements described above and to execute the ‘PCI ASV Compliance Test Agreement’ set out below with the PCI Council. The companies that qualify are then identified on the PCI SSC’s ASV list on its website.

PCI ASV Compliance Test Agreement Form v 2.0

www.pcisecuritystandards.org/documents/asv_compliance_test_agreement_v2.0.pdf

PCI DSS Approved Scanning Vendors

www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors

This list, which is updated on a regular basis, contains contact details for all approved ASVs. Any ASV that carries out a scan must be on the list at the point that the scan is carried out.

ASV Program Guide v2.0

www.pcisecuritystandards.org/documents/ASV_Program_Guide_v2.pdf

This document provides guidance and requirements applicable to ASVs in the framework of the PCI DSS and associated payment brand data protection programmes. Security scanning companies interested in providing scan services as part of the PCI programme must comply with the requirements set out in this document, and must successfully complete the PCI Security Scanning Vendor Testing and Approval Process.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.226.164.216