Payment Card Industry (pci) pin transaction Security (pts) Hardware Security Module (hsm) Modular Evaluation Vendor Questionnaire
Download 0.91 Mb.
|
- Navigate this page:
- Document Changes
- Note to Assessors
Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Evaluation Vendor Questionnaire Version 3.0 June 2016 Document Changes
Note to AssessorsWhen protecting this document for use as a form, leave Sections 5 and 7 (Annex B and “Device Diagrams”) unprotected to allow for insertion of appropriate diagrams and reports. Under “Tools / Protect Document,” select “Forms” then “Sections,” and un-check Sections 5 and 7 as illustrated below. 
Table of Contents Document Changes 2 Document Changes 2 Note to Assessors 3 Note to Assessors 3 Related Publications 5 Related Publications 5 Questionnaire Instructions 8 Questionnaire Instructions 8 1.Complete the information below for the device being evaluated. 8 2.Identify all sections of the questionnaire corresponding to those questions in the form of the PCI Hardware Security Module (HSM) Modular Security Requirements (“HSM Modular Security Requirements”) for which you answered “YES.” 8 3.Complete each item in those identified sections. 8 4.Provide sufficient detail to thoroughly describe the device attribute or function. 8 5.Refer to and provide additional documentation as necessary. 8 6.Vendor must provide detail in the comments section for all “N/A” answers 8 Evaluation Module 1: Core Requirements 10 Evaluation Module 1: Core Requirements 10 A – Physical Security Characteristics 10 Section A1 11 14
Section A2 15 Section A3 17 Section A4 21 Section A5 23 B – Logical Security Characteristics 26 Section B1 27 30 Section B2 31 Section B3 34 Section B4 35 Section B4.1 36 Section B5 38 Section B6 39 Section B7 41 Section B8 44 Section B9 46 Section B10 47 Section B11 49 Section B12 53 Section B13 54 Section B14 56 Section B15 57 Section B16 58 Section B17 59 Section B18 62 Section B19 63 Section B20 64 C – Policy and Procedures 65 Section C1 66
D – Key-Loading Devices 67 Section D1 68 Section D2 69 Section D3 70 Section D4 71 Section D5 72
E – Logical Security 74 Section E1 75 Section E2 76 F – Devices with Message Authentication Functionality 77 Section F1 78 Section F2 79 Section F3 80 Section F4 81 G – Devices with Key-Generation Functionality 82 Section G1 83 Section G2 84 Section G3 85 Section G4 86 H – Devices with Digital Signature Functionality 87 Section H1 88 Section H2 89
I – Device Management Security Requirements during Manufacturing 90 Section I1 91 Section I2 92 Section I3 93 Section I4 94 Section I5 95 Section I6 96 Section I7 97 Section I8 98 J – Device Management Security Requirements between Manufacturer and Facility of Initial Deployment 99 Section J1 100 Section J2 101 Section J3 102 Section J4 103 Section J5 104 Section J6 105 Section J7 106 Section J8 107 Annex A: DTR Templates 108 Annex A: DTR Templates 108 Annex B: Device Diagrams and Test Reports 114 Annex B: Device Diagrams and Test Reports 114 Device Diagrams (Optional) 116 Device Diagrams (Optional) 116 Directory: documents documents -> Concept stage documents -> Concept stage documents -> The great global switch-off documents -> Nonprofit grant application documents -> The Truth about the Rwandan Genocide documents -> Annual InStructional unit plan documents -> Chaos equipment included Download 0.91 Mb. Share with your friends:
|