CHAPTER 10: PROCEDURES AND QUALIFICATIONS


The PCI SSC mandates the procedures that must be followed when conducting assessments and when carrying out vulnerability scans. It also lays down specific requirements that a company must meet to qualify as a QSA or an ASV.

PCI DSS Validation Requirements for Qualified Security Assessors (QSAs) v 1.2.

www.pcisecuritystandards.org/documents/qsa_validation_requirements.pdf

To be recognised as a QSA by the PCI SSC, QSAs must meet or exceed the requirements described in the above document and must also execute the QSA Agreement in Appendix A with the PCI Council. Clients can provide feedback on the effectiveness of the QSA.

QSA Feedback Form

www.pcisecuritystandards.org/approved_companies_providers/qsafeedback1.php

QSA feedback is completed online.

PCI DSS Qualified Security Assessors

www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php

www.pcisecuritystandards.org/approved_companies_providers/verify_qsa_employee.php

This list, which is updated on a regular basis, contains contact details for all Qualified Security Assessor companies, together with information about the markets they serve. Alternatively, you can use the second link to verify an individual assessor employee in the PCI SSC’s database.

PCI DSS Validation Requirements for Approved Scanning Vendors (ASVs) v 2.0

www.pcisecuritystandards.org/documents/asv_validation_requirements_v2.0.pdf

Recognition as an ASV by the PCI Council requires the ASV, its employees, and its scanning solution to meet or exceed the requirements described above and to execute the ‘PCI ASV Compliance Test Agreement’ set out below with the PCI Council. The companies that qualify are then identified on the PCI SSC’s ASV list on its website.

PCI ASV Compliance Test Agreement Form v 2.0

www.pcisecuritystandards.org/documents/asv_compliance_test_agreement_v2.0.pdf

PCI DSS Approved Scanning Vendors

www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php

This list, which is updated on a regular basis, contains contact details for all approved ASVs. Any ASV that carries out a scan must be on the list at the time the scan is carried out.

ASV Program Guide v2.0

www.pcisecuritystandards.org/documents/ASV_Program_Guide_v2.pdf

This document provides guidance and requirements applicable to ASVs within the framework of the PCI DSS and the associated payment brand data protection programmes. Security scanning companies interested in providing scan services as part of the PCI programme must comply with the requirements set out in this document and must successfully complete the PCI Security Scanning Vendor Testing and Approval Process.
