{"id":9214,"date":"2017-02-06T13:29:00","date_gmt":"2017-02-06T12:29:00","guid":{"rendered":"https:\/\/usd.formwandler.rocks\/pci-3-2-requirement_merchant\/"},"modified":"2021-07-01T18:12:12","modified_gmt":"2021-07-01T16:12:12","slug":"pci-3-2-requirement_merchant","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/pci-3-2-requirement_merchant\/","title":{"rendered":"Two added Requirements for SAQ B-IP and C-VT"},"content":{"rendered":"\n<p>In Revision 1.1 of PCI DSS 3.2 (obligatory from 1st October 2017), some requirements have been added for merchants with the following payment processes:<br>1) Merchants with Web-Based Virtual Payment Terminals \u2013 No Electronic Cardholder Data Storage (SAQ C-VT)<br>2) Merchants with Standalone, IP-Connected PTS Point-of-Interaction (POI) Terminals \u2013 No Electronic Cardholder Data (SAQ B-IP)<br>The two added requirements are&nbsp;<strong>8.3.1 multi-factor authentication<\/strong>&nbsp;and&nbsp;<strong>11.3.4 test of segmentation methods<\/strong>. They are now part of SAQs B-IP and C-VT. Requirement 8.3.1 is treated as a best practice until January 31st; after that it becomes obligatory.<br>In the original text:<br><strong>Added Requirement 8.3.1<\/strong><br>Is multi-factor authentication incorporated for all nonconsole access into the CDE for personnel with administrative access? 
Note: This requirement is a best practice until January 31, 2018, after which it becomes a requirement.<br>In the original text:<br><strong>Added Requirement 11.3.4<\/strong><br>If segmentation is used to isolate the CDE (Cardholder Data Environment) from other networks:<br>(a) Are penetration-testing procedures defined to test all segmentation methods, to confirm they are operational and effective, and isolate all out-of-scope systems from systems in the CDE?<br>(b) Does penetration testing to verify segmentation controls meet the following?<br>\u2022 Performed at least annually and after any change to segmentation controls\/methods<br>\u2022 Covers all segmentation controls\/methods in use<br>\u2022 Verifies that segmentation methods are operational and effective, and isolate all out-of-scope systems from systems in the CDE.<br>\u2022 Examine results from the most recent penetration test<br>(c) Are tests performed by a qualified internal resource or qualified external third party, and if applicable, does organizational independence of the tester exist (not required to be a QSA or ASV)?<br>Any questions? Talk to us. We\u2019ll be happy to help you. +49 6102 8631-90. 
E-mail: pci@usd.de.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Within Revision 1.1 of the PCI DSS 3.2 (obligatory 01st October 2017) some requirements have been added for Merchants with the following payment processes:1) Merchants with Web-Based Virtual Payment Terminals \u2013 No Electronic Cardholder Data Storage (SAQ C-VT)2) Merchants with Standalone, IP-Connected PTS Point-of-Interaction (POI) Terminals \u2013 No Electronic Cardholder Data (SAQ B-IP)The two added [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":9215,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[373,394],"tags":[],"class_list":["post-9214","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-en","category-pci-en"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/9214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=9214"}],"version-history":[{"count":0,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/9214\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/9215"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=9214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/categories?post=9214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/tags?post=9214"}],"curies":[{"name":"wp","href":"htt
ps:\/\/api.w.org\/{rel}","templated":true}]}}