Columns: No. | Q no. | Topic | Question | ControlCase Reference | Response Uploaded | Status | CC Comments | Assessor Client Comments | Category
Evidences
Question (truncated): ... by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category (truncated): ...n,payment applications / pci scope web and software applications,POS (Point Of Sale) Devices,atm / kiosk,scoping,Scoping,soc2_scoping
Question (truncated): ... additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category (truncated): ...rust_over_60m_records,saq_a,saq_a_ep,saq_b,saq_b_ip,saq_c,saq_c_vt,saq_d_merchant,saq_d_service_provider,saq_p2pe,pcidss_31,swift,hitrust_domain,Firewall,Switch,scoping,Scoping,soc2_scoping
No. 5 / Q5 | Topic: Scoping
Question: Provide a list of all your external IP addresses and their function. You must use the attached template. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
ControlCase Reference: cc5
Response Uploaded: 968::LPB_PCIDSS_Question_05_ver1.0.zip
Status: Incomplete Information
CC Comments: Will be checked as per ASV and External PT reports
Category: ,pcidss_32,ei3pa,soc1,nist_800_53,nist high,nist moderate,nist low,sca,hipaa,hitrust_10m_to_60m_records,sig_lite,bits_aup_2014,iso_27001_2013_annex_a,privacy_shield,microsoft_sspa,csa_star,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_800_171,nist_cybersecurity_framework,ccpa,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a,saq_a_ep,saq_b,saq_b_ip,saq_c,saq_c_vt,saq_d_merchant,saq_d_service_provider,saq_p2pe,pcidss_31,swift,hitrust_domain,,Security,scoping,Scoping,
Question: (truncated)
Category (truncated): ...main,,Firewall,Router,network,post-scoping,Network,
Question (truncated): ... or provide the data in an alternative format.
No. 9 / Q9 | Topic: Network
Question: Provide roles and responsibilities for management of firewalls and routers. You may use the attached template or provide the required information in an alternative format.
ControlCase Reference: cc9
Response Uploaded: 953::LPB_PCI_Question_9.zip
Status: Incomplete Information
CC Comments: Configuration for Groups and Roles will be required from AAA or Access Control System
Category: ,pcidss_32,ei3pa,soc1,sca,nist_cybersecurity_framework,ffiec,hitrust_over_60m_records,saq_d_merchant,saq_d_service_provider,pcidss_31,hitrust_domain,,network,post-scoping,Network,
Question (truncated): ... other traffic, for all firewall(s)/router(s) in scope. Please provide the screenshot or system-generated configuration of the VLANs/interfaces created on the firewall(s)/router(s). The attached template contains the sample.
Category (truncated): ...records,saq_a_ep,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,hitrust_domain,,Firewall,Router,network,post-scoping,Network,
Question (truncated): ... identified DMZ interface(s), provide access control list(s) which limit the inbound internet traffic to IP addresses within the DMZ. If there is outbound traffic from the environment containing covered information to the internet, provide specific firewall/router access control list(s) which limit outbound traffic to the internet. For such traffic, provide explicit documented approval. If covered information is stored, provide specific firewall/router configuration showing that covered information is stored in the internal network zone, segregated from the DMZ and untrusted networks. You must use the attached template.
Category (truncated): ...0m_records,saq_a_ep,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Firewall,Router,network,post-scoping,Network,
No. 16 / Q16 | Topic: Network
Question: Provide a screenshot of the anti-spoofing access list or similar settings on the external firewall and/or router. The attached template contains the sample. Provide the screenshot evidence to highlight how private IP addresses are restricted from disclosure to unauthorized parties.
ControlCase Reference: cc17
Response Uploaded: 969::LPB_PCIDSS_Question_16_ver1.0.zip
Status: Incomplete Information
CC Comments: Required to verify the devices (External Firewalls) from Inventory
Category: ,pcidss_32,soc1,hitrust_10m_to_60m_records,iso_27001_2013_annex_a,hitrust_over_60m_records,saq_a_ep,saq_b_ip,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Firewall,Router,network,post-scoping,Network,
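The two network questions above (the DMZ ingress/egress ACLs and the Q16 anti-spoofing list) describe the firewall evidence in prose: inbound internet traffic permitted only to DMZ addresses, outbound traffic from the environment holding cardholder data limited to explicitly approved destinations, and an anti-spoofing list that drops packets arriving on the external interface with private or loopback source addresses. The script below is an added example, not part of the original evidence list and not a ControlCase template; it audits a vendor-neutral, first-match rule set against exactly those three checks and simulates a few packets through it, so the same checks can be re-run whenever the ACL changes rather than re-read from a screenshot. The network plan (a DMZ in 203.0.113.0/28, a CDE in 10.10.20.0/24, one approved egress host), the rule model and both sample rule sets are assumptions constructed for the example; to use it on a real device, translate its ACL into the same (interface, action, source, destination) tuples in device order.

```python
"""Audit a first-match firewall rule set for the DMZ and anti-spoofing
controls requested above. Added example; the rule model, the network plan
and both sample rule sets are constructed assumptions, not a real config.
IPv4 only."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed network plan (assumption).
ANY = ip_network("0.0.0.0/0")
DMZ_NETS = [ip_network("203.0.113.0/28")]               # public DMZ hosts
CDE_NETS = [ip_network("10.10.20.0/24")]                # internal zone storing cardholder data
APPROVED_CDE_EGRESS = [ip_network("198.51.100.10/32")]  # documented, approved destination
BOGON_SOURCES = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass(frozen=True)
class Rule:
    iface: str            # interface whose inbound ACL holds the rule ("outside" or "cde")
    action: str           # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network


def rule(iface, action, src, dst):
    return Rule(iface, action, ip_network(src), ip_network(dst))


# Constructed rule set that satisfies the controls (first match wins).
GOOD_RULES = [
    # anti-spoofing: private/loopback sources cannot legitimately arrive from
    # the internet, so they are denied before any permit on the outside ACL
    rule("outside", "deny", "10.0.0.0/8", "0.0.0.0/0"),
    rule("outside", "deny", "172.16.0.0/12", "0.0.0.0/0"),
    rule("outside", "deny", "192.168.0.0/16", "0.0.0.0/0"),
    rule("outside", "deny", "127.0.0.0/8", "0.0.0.0/0"),
    rule("outside", "permit", "0.0.0.0/0", "203.0.113.0/28"),    # internet -> DMZ only
    rule("outside", "deny", "0.0.0.0/0", "0.0.0.0/0"),           # explicit cleanup deny
    rule("cde", "permit", "10.10.20.0/24", "198.51.100.10/32"),  # approved CDE egress
    rule("cde", "deny", "10.10.20.0/24", "0.0.0.0/0"),           # everything else dropped
]

# Constructed rule set with the three findings an assessor would raise.
WEAK_RULES = [
    rule("outside", "permit", "0.0.0.0/0", "203.0.113.0/28"),    # no anti-spoofing denies first
    rule("outside", "permit", "0.0.0.0/0", "10.10.20.50/32"),    # internet straight into the CDE
    rule("cde", "permit", "10.10.20.0/24", "0.0.0.0/0"),         # unrestricted CDE egress
]


def first_match(rules, iface, src, dst):
    """Action the device takes for one packet: the first matching rule on the
    interface wins, and an unmatched packet hits the implicit deny."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if r.iface == iface and s in r.src and d in r.dst:
            return r.action
    return "deny"


def _within(net, nets):
    return any(net.subnet_of(n) for n in nets)


def check_anti_spoofing(rules, iface="outside"):
    """Bogon source ranges not covered by a deny-to-any that precedes every
    permit able to match them; an empty list means the control is in place."""
    uncovered = list(BOGON_SOURCES)
    for r in (r for r in rules if r.iface == iface):
        if r.action == "deny" and r.dst == ANY:
            uncovered = [b for b in uncovered if not b.subnet_of(r.src)]
        elif r.action == "permit" and any(r.src.overlaps(b) for b in uncovered):
            break   # a spoofed packet in that range is already permitted here
    return uncovered


def check_inbound_to_dmz_only(rules, iface="outside"):
    """Permits on the external interface whose destination is not a DMZ address."""
    return [r for r in rules
            if r.iface == iface and r.action == "permit" and not _within(r.dst, DMZ_NETS)]


def check_cde_egress(rules, iface="cde"):
    """Permits from the CDE that are not limited to a documented, approved destination."""
    return [r for r in rules
            if r.iface == iface and r.action == "permit" and _within(r.src, CDE_NETS)
            and not _within(r.dst, APPROVED_CDE_EGRESS)]


def audit(rules):
    """Summarise the three checks; every list must be empty to pass."""
    return {
        "anti_spoofing_gaps": [str(n) for n in check_anti_spoofing(rules)],
        "inbound_not_to_dmz": [str(r) for r in check_inbound_to_dmz_only(rules)],
        "cde_egress_unapproved": [str(r) for r in check_cde_egress(rules)],
    }


if __name__ == "__main__":
    for name, rules in (("GOOD_RULES", GOOD_RULES), ("WEAK_RULES", WEAK_RULES)):
        print(name, audit(rules))
    print(first_match(GOOD_RULES, "outside", "10.0.0.5", "203.0.113.4"))   # deny: spoofed source
    print(first_match(WEAK_RULES, "outside", "10.0.0.5", "203.0.113.4"))   # permit: spoofing not blocked
```

The anti-spoofing check deliberately stops at the first permit that could match a still-uncovered bogon range: on a first-match device a deny placed after such a permit is dead code, which is the ordering mistake a screenshot alone does not reveal.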
Question (truncated): ... following:
- firmware version is the latest
- strong encryption is implemented for authentication and transmission
- vendor defaults (e.g. users, SNMP, encryption protocols etc.) are changed
The attached template contains the sample.
Category (truncated): ...m_to_60m_records,cms_ars_2_0,iso_27001_2013_annex_a,csa_star,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_800_171,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Wireless Access Point / Wireless Device,configuration management,post-scoping,Configuration Management,
Question: (truncated)
Category (truncated): ...ainframe,linux,unix,virtual platform,workstation / laptop,database,Wireless Access Point / Wireless Device,Web Application Firewall,payment applications / pci scope web and software applications,POS (Point Of Sale) Devices,atm / kiosk,configuration management,post-scoping,Configuration Management,
Question (truncated): ... of users, list of running services, patches, password policy, audit logging policy, NTP settings) that clearly outlines secure configuration against hardening standards. The attached template contains the sample.
Category (truncated): ...e_2,nist_800_171,hitrust_over_60m_records,saq_a_ep,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Firewall,Router,Switch,ids / ips,Windows,mainframe,linux,unix,virtual platform,workstation / laptop,database,Wireless Access Point / Wireless Device,Web Application Firewall,payment applications / pci scope web and software applications,POS (Point Of Sale) Devices,atm / kiosk,configuration management,post-scoping,Configuration Management,
Question: (truncated)
Category (truncated): ...b Application Firewall,remote access technology / vpn device,payment applications / pci scope web and software applications,POS (Point Of Sale) Devices,atm / kiosk,configuration management,post-scoping,Configuration Management,
Category (truncated): ...ata Encryption at rest,
Question (truncated): ...s where cardholder data is displayed
- Business justification where full PAN is displayed
You must use the attached template.
Category (truncated): ...aq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,Paper Documents with Card Data,payment applications / pci scope web and software applications,POS (Point Of Sale) Devices,atm / kiosk,Media (tapes / External HDD / CD-DVD etc.),data encryption at rest,post-scoping,Data Encryption at rest,
Question (truncated): ... the protection of cardholder data, including key strength and expiry date.
2. Function of each key used in the cryptographic architecture.
3. Inventory of any HSMs and other secure cryptographic devices (SCDs) used for key management (to be provided in the inventory as part of Q4).
You must use the attached template.
Category (truncated): ...(Point Of Sale) Devices,atm / kiosk,Media (tapes / External HDD / CD-DVD etc.),data encryption at rest,post-scoping,Data Encryption at rest,soc2_post_scoping
Question (truncated): ... secure configurations and encryption being used for transmission. Encryption must conform to strong industry standards. Provide sample transmission logs of the sample transactions which highlight the encrypted data. If a private communication channel is used (such as MPLS, leased line, etc.), please share its configuration to confirm the same. For this requirement, you may use the attached methodology.
Category (truncated): ...ity_framework,ffiec,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a_ep,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,Firewall,Router,payment applications / pci scope web and software applications,POS (Point Of Sale) Devices,atm / kiosk,data encryption in transit,post-scoping,Data Encryption in transit,soc2_post_scoping
Question (truncated): ... standards. For this requirement, you may use the attached methodology.
Category (truncated): ...an_10m_records,hitrust_over_60m_records,saq_a_ep,saq_b,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,hitrust_domain,email server / mail filter device,data encryption in transit,post-scoping,Data Encryption in transit,soc2_post_scoping
Topic (truncated): ...n Security
Question (truncated): ... of reputable outside sources (e.g. security alerts or threat notifications) to identify new security vulnerabilities. For the identified vulnerabilities, provide the risk ranking process. The attached template contains the sample.
Status (truncated): ...ploaded
Category (truncated): ...nist_800_53,nist high,nist moderate,nist low,marse_2_0,sca,sig_lite,cms_ars_2_0,bits_aup_2014,iso_27001_2013_annex_a,privacy_shield,csa_star,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_800_171,nist_cybersecurity_framework,ffiec,saq_a_ep,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,hitrust_domain,,security,Firewall,Router,Switch,Windows,mainframe,linux,unix,virtual platform,workstation / laptop,database,ntp server,Wireless Access Point / Wireless Device,Web Application Firewall,remote access technology / vpn device,payment applications / pci scope web and software applications,POS (Point Of Sale) Devices,atm / kiosk,application security,post-scoping,Application Security,
Question: (truncated)
Category (truncated): ...ds,hitrust_over_60m_records,saq_a,saq_a_ep,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Firewall,Router,Switch,Windows,mainframe,linux,unix,virtual platform,workstation / laptop,database,ntp server,Wireless Access Point / Wireless Device,Web Application Firewall,remote access technology / vpn device,payment applications / pci scope web and software applications,POS (Point Of Sale) Devices,atm / kiosk,application security,post-scoping,Application Security,
Question: (truncated)
Category (truncated): ...st-scoping,Application Security,
No. 37 / Q38 | Topic: Application Security
Question: Provide evidence showing that higher environments (i.e. production) and lower environments (such as test/development) are logically separated. You must use the attached template.
ControlCase Reference: cc57
Response Uploaded: 955::LPB_PCI_Question_38.zip
Status: Incomplete Information
CC Comments: Can be reviewed only when scoping is given
Category: pcidss_32,ei3pa,soc1,soc2,hitrust_10m_to_60m_records,sig_lite,iso_27001_2013_annex_a,csa_star,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_cybersecurity_framework,ffiec,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,Firewall,Switch,application security,post-scoping,Application Security,soc2_post_scoping
Question (truncated): ... in the change records:
- Change description and date
- Change approver information
- Change impact information
- Change testing details
- Change back-out plan
For a significant change, show how impacted compliance requirements were checked, including but not limited to:
1. Network diagram is updated to reflect changes.
2. Systems are configured per configuration standards, with all default passwords changed and unnecessary services disabled.
3. Systems are protected with required controls, e.g. file-integrity monitoring (FIM), antivirus, patches, audit logging.
4. In-scope data to be protected (e.g. cardholder data, PII, classified information etc.) is documented and incorporated into data-retention policy and procedures.
5. New systems are included in the quarterly vulnerability scanning process.
You must use the attached template.
Category (truncated): ...m_records,saq_a_ep,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Windows,mainframe,linux,unix,virtual platform,payment applications / pci scope web and software applications,application security,post-scoping,Application Security,
Question (truncated): ... use the attached template.
Category (truncated): ...ovider,pcidss_31,swift,hitrust_domain,,security,Web Application Firewall,payment applications / pci scope web and software applications,application security,post-scoping,Application Security,
Question (truncated): ... level of access permission. The attached template contains the sample.
Category (truncated): ...shield,microsoft_sspa,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_800_171,nist_cybersecurity_framework,ffiec,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a_ep,saq_b,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Firewall,Router,Switch,acs/radius,Windows,mainframe,linux,unix,database,logical access,post-scoping,Logical Access,
No. 45 / Q46 | Topic: Logical Access
Question: Provide two forms/tickets per platform (one for a general user and one for an administrative user) from the last six months for:
- User access creation
- User access deletion
- User access modification
The attached template contains the sample.
ControlCase Reference: cc65
Response Uploaded: 970::LPB_PCIDSS_Question_46_ver1.0.zip
Status: Incomplete Information
CC Comments: The form is fine, but this is one form for account creation of a normal user; please provide 6 forms in total (3 for privileged accounts, 3 for normal accounts) for creation, deletion and modification activities.
Category: ,pcidss_32,ei3pa,soc1,nist_800_53,nist high,nist moderate,nist low,marse_2_0,sca,hipaa,hitrust_10m_to_60m_records,sig_lite,cms_ars_2_0,bits_aup_2014,iso_27001_2013_annex_a,glba,microsoft_sspa,csa_star,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_800_171,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a_ep,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Firewall,Router,Switch,acs/radius,Windows,mainframe,linux,unix,database,email server / mail filter device,payment applications / pci scope web and software applications,logical access,post-scoping,Logical Access,
Question (truncated): ... The attached template contains the sample.
Category (truncated): ...nt applications / pci scope web and software applications,logical access,post-scoping,Logical Access,
No. 48 / Q49 | Topic: Logical Access
Question: Provide an inventory of all entities (including vendors and third parties) that have remote access to your organization, and identify the remote access methods. For each vendor, please provide:
- Procedure for providing access only when needed
- Access activity monitoring reports
ControlCase Reference: cc68
Response Uploaded: 956::LPB_PCI_Question_49_54.zip!!~!!983::LPB_PCIDSS_Question_49_ver1.1.zip
Status: Under Evaluation
CC Comments: Missing remote access method in inventory. Please update evidences for: - Procedure for providing access only when needed - Access activity monitoring reports
Category: ,pcidss_32,ei3pa,soc1,nist_800_53,nist high,nist moderate,nist low,marse_2_0,sca,hipaa,hitrust_10m_to_60m_records,sig_lite,cms_ars_2_0,iso_27001_2013_annex_a,glba,privacy_shield,nist_cybersecurity_framework,ffiec,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a_ep,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,remote access technology / vpn device,logical access,post-scoping,Logical Access,
Question (truncated): ... storage, encryption is carried out on passwords (for the platform and/or consumer applications). You must use the attached template.
Category (truncated): ...e_2_0,hipaa,hitrust_10m_to_60m_records,cms_ars_2_0,bits_aup_2014,iso_27001_2013_annex_a,glba,privacy_shield,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_800_171,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a_ep,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Firewall,Router,Switch,acs/radius,ids / ips,Windows,mainframe,linux,unix,virtual platform,database,Wireless Access Point / Wireless Device,Web Application Firewall,remote access technology / vpn device,payment applications / pci scope web and software applications,logical access,post-scoping,Logical Access,
No. 51 / Q52 | Topic: Logical Access
Question: Provide one sample per platform of recent password reset requests/forms for users. You must use the attached template.
ControlCase Reference: cc73
Response Uploaded: 971::LPB_PCIDSS_Question_52_ver1.0.zip
Status: Incomplete Information
CC Comments: Will review when scoping is finalized
Category: ,pcidss_32,ei3pa,soc1,hitrust_10m_to_60m_records,iso_27001_2013_annex_a,glba,iso_27001_2013_stage_1,iso_27001_2013_stage_2,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a_ep,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,logical access,post-scoping,Logical Access,
No. 52 / Q53 | Topic: Logical Access
Question: Provide documented procedures for password change during new user creation or for a password reset, for all platforms in scope. For one sample per platform, provide the screenshot of the setting which forces the user to change the password after the first logon. The attached template contains the sample.
ControlCase Reference: cc77
Response Uploaded: 972::LPB_PCIDSS_Question_53_ver1.0.zip
Status: Incomplete Information
CC Comments: Will review when scoping is finalized
Category: ,pcidss_32,ei3pa,soc1,hipaa,hitrust_10m_to_60m_records,bits_aup_2014,iso_27001_2013_annex_a,glba,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_800_171,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a_ep,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,Firewall,Router,Switch,acs/radius,ids / ips,Windows,mainframe,linux,unix,virtual platform,workstation / laptop,database,syslog / siem,Wireless Access Point / Wireless Device,Web Application Firewall,remote access technology / vpn device,payment applications / pci scope web and software applications,POS (Point Of Sale) Devices,atm / kiosk,logical access,post-scoping,Logical Access,
No. 53 / Q54 | Topic: Logical Access
Question: Provide the following related to remote access:
- Procedure that outlines the process of granting remote access, as well as a description of the multi-factor authentication technology used
- List of internal and external users with remote access
You may use the attached template, or provide the data in an alternative format.
ControlCase Reference: cc78
Response Uploaded: 957::LPB_PCI_Question_49_54.zip!!~!!981::LPB_PCIDSS_Question_54_ver1.1.zip
Status: Under Evaluation
CC Comments: Please update evidences as per requirement: - Procedure that outlines the process of granting remote access as well as the description of the multi-factor authentication technology used - List of internal and external users with remote access
Category: pcidss_32,ei3pa,soc1,soc2,nist_800_53,nist high,nist moderate,nist low,marse_2_0,hipaa,hitrust_10m_to_60m_records,cms_ars_2_0,bits_aup_2014,glba,nist_800_171,nist_cybersecurity_framework,ffiec,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a_ep,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,remote access technology / vpn device,logical access,post-scoping,Logical Access,so2_post_scoping
Question: (truncated)
Category (truncated): ...ent applications / pci scope web and software applications,logical access,post-scoping,Logical Access,
No. 58 / Q59 | Topic: Physical Security
Question: Provide two samples of user access creation and deletion forms/tickets from the last six months that evidence:
- physical access allocation to the sensitive area is authorized and as per the individual's job function;
- timely removal of physical access upon termination of the user.
The attached template contains the sample.
ControlCase Reference: cc84
Response Uploaded: 958::LPB_PCI_Question_59.zip
Status: Incomplete Information
CC Comments: Please provide a sample form for revoking physical access rights
Category: ,pcidss_32,ei3pa,soc1,nist_800_53,nist high,nist moderate,nist low,marse_2_0,sca,hipaa,hitrust_10m_to_60m_records,cms_ars_2_0,bits_aup_2014,iso_27001_2013_annex_a,glba,privacy_shield,csa_star,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_800_171,nist_cybersecurity_framework,ffiec,hitrust_over_60m_records,saq_d_merchant,saq_d_service_provider,pcidss_31,swift,hitrust_domain,,physical security,post-scoping,Physical Security,
No. 59 / Q60 | Topic: Physical Security
Question: Provide sample records or scanned copies of the visitor log (for a 90-day period) for the facility/network rooms/data centers that contain:
- the visitor's name
- the date and time
- the firm represented, and
- the onsite personnel authorizing physical access.
The attached template contains the sample.
ControlCase Reference: cc85
Response Uploaded: 959::LPB_PCI_Question_60.zip
Status: Incomplete Information
CC Comments: Will review when location and facility scope is finalized
Category: ,pcidss_32,ei3pa,soc1,nist_800_53,nist high,nist moderate,nist low,marse_2_0,hipaa,hitrust_10m_to_60m_records,cms_ars_2_0,bits_aup_2014,iso_27001_2013_annex_a,glba,privacy_shield,csa_star,iso_27001_2013_stage_1,iso_27001_2013_stage_2,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_d_merchant,saq_d_service_provider,pcidss_31,hitrust_domain,,physical security,post-scoping,Physical Security,
Question (truncated): ... (from within the last year). The attached template contains the sample.
Category (truncated): ...2013_annex_a,privacy_shield,microsoft_sspa,iso_27001_2013_stage_1,iso_27001_2013_stage_2,nist_800_171,nist_cybersecurity_framework,ffiec,hitrust_less_than_10m_records,hitrust_over_60m_records,saq_a,saq_a_ep,saq_b,saq_b_ip,saq_c,saq_d_merchant,saq_d_service_provider,saq_p2pe,pcidss_31,hitrust_domain,Paper Documents with Card Data,physical security,post-scoping,Physical Security,soc2_sample_selection,soc2_post_scoping
Topic: Logging and Monitoring (row continued from the previous page; only the standard upload instruction and the category list survive on this page)
Question (continued): ... Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category: ... ersecurity_framework, ffiec, hitrust_less_than_10m_records, hitrust_over_60m_records, saq_a_ep, saq_c, saq_d_merchant, saq_d_service_provider, pcidss_31, hitrust_domain, soc, Firewall, Router, Switch, acs/radius, Windows, mainframe, linux, unix, virtual platform, database, syslog / siem, ntp server, Web Application Firewall, remote access technology / vpn device, payment applications / pci scope web and software applications, POS (Point Of Sale) Devices, atm / kiosk, logging and monitoring, post-scoping, Logging and Monitoring
Topic: Security Testing (five row continuations from the preceding pages; only the standard upload instruction and the category lists survive on these pages)
Question (continued, each row): ... Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category (first row): ... ant, saq_d_service_provider, pcidss_31, hitrust_domain, security testing, post-scoping, Security Testing
Category (second row): ... rosoft_sspa, csa_star, iso_27001_2013_stage_1, iso_27001_2013_stage_2, nist_800_171, nist_cybersecurity_framework, ffiec, hitrust_less_than_10m_records, hitrust_over_60m_records, saq_c, saq_d_merchant, saq_d_service_provider, pcidss_31, swift, hitrust_domain, Security, security testing, post-scoping, Security Testing, soc2_post_scoping
Category (third row): ... ant, saq_d_service_provider, pcidss_31, swift, hitrust_domain, security testing, post-scoping, Security Testing
Category (fourth row): ... ybersecurity_framework, ffiec, hitrust_over_60m_records, saq_d_merchant, saq_d_service_provider, pcidss_31, swift, hitrust_domain, Security, security testing, post-scoping, Security Testing
Category (fifth row): ... m_records, hitrust_over_60m_records, saq_a_ep, saq_d_merchant, saq_d_service_provider, pcidss_31, swift, hitrust_domain, soc, ids / ips, security testing, post-scoping, Security Testing, soc2_post_scoping
Row 81, Question 82
Topic: HR
Question: Provide the high-level policy of the management system (information security policy / business continuity policy / other) and how the policy is distributed to the relevant personnel, vendors and business partners. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
ControlCase reference: cc120
Response uploaded: 960::LPB_PCI_Question_82.zip
Status: Incomplete Information
CC comments: Please update these points: - how the policy is distributed to the relevant personnel, vendors and business partners. - any record to confirm that all relevant persons have read and understood the information security policy. - how all persons can access and read the policy, or the document management method.
Category: pcidss_32, ei3pa, soc1, soc2, nist_800_53, nist high, nist moderate, nist low, marse_2_0, hipaa, hitrust_10m_to_60m_records, cms_ars_2_0, bits_aup_2014, iso_27001_2013_main, glba, privacy_shield, csa_star, iso_27001_2013_stage_1, iso_27001_2013_stage_2, nist_cybersecurity_framework, ffiec, hitrust_less_than_10m_records, hitrust_over_60m_records, saq_a_ep, saq_b, saq_b_ip, saq_c, saq_d_merchant, saq_d_service_provider, saq_p2pe, pcidss_31, hitrust_domain, Support, hr, post-scoping, HR, soc2_post_scoping
Question (continued from the previous page; the topic and the opening of the question are not on this page):
- ... Protection
- Emergency Access
- Emergency Change
- Encryption Standards
- Incident Response and Escalation
- Password Configuration
- Remote Access
- Record Retention, Protection and Disposal Policy
- SDLC and Program Change Management: include documentation, testing, and authorization requirements
- Server / Infrastructure Configuration Standards
- Third Party Engagement
- User Identification and Authentication
Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Topic: Risk Assessment (row continued from the previous page; the opening of the question is not on this page)
Question (continued): ...
- The results of the assessment carried out (Risk Assessment Report).
- The risk treatment plan (risk treatment options, identification of required controls).
- Evidence of the Information Security Risk Treatment Plan's approval and acceptance of the residual information security risks.
- The privacy risk assessment, covering the risk related to the maintenance and processing of PII.
- (For 27001 only) The Statement of Applicability.
Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category: ... 013_stage_1, iso_27001_2013_stage_2, nist_800_171, nist_cybersecurity_framework, ffiec, hitrust_less_than_10m_records, hitrust_over_60m_records, saq_b_ip, saq_d_merchant, saq_d_service_provider, saq_p2pe, pcidss_31, swift, hitrust_domain, risk assessment, post-scoping, Risk Assessment
Topic: Policies and Procedures (row continued from the previous page; the opening of the question is not on this page)
Question (continued): ... period of inactivity. The attached template contains the sample. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category: ... ecords, saq_c, saq_d_merchant, saq_d_service_provider, pcidss_31, swift, hitrust_domain, remote access technology / vpn device, policies and procedures, post-scoping, Policies and Procedures
Row 86, Question 87
Topic: Policies and Procedures
Question: Provide an organization chart (or equivalent documentation) which clearly outlines the information security roles and responsibilities for all personnel. Also, provide the following records in support of assigned security responsibilities:
- recent information security policy review/approval record
- information security policy communication to all users
- any security alert email communication to affected parties
For PCI DSS (where the entity is a Service Provider) and for HITRUST, please also provide the following:
- Overall accountability for maintaining compliance
- Documented charter for a compliance program and related communication to the executive management
- Documented (quarterly for PCI DSS, or as applicable for other standards/regulations) results of the reviews showing: 1. daily log reviews, firewall rule-set reviews, applying configuration standards to new systems, responding to security alerts, change management process; 2. sign-off of results by personnel assigned responsibility for maintaining compliance
The attached template contains the sample. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
ControlCase reference: cc128
Response uploaded: 962::LPB_PCI_Question_87.zip
Status: Incomplete Information
CC comments: Wrong evidence has been shared; please update again.
Category: pcidss_32, ei3pa, soc1, nist_800_53, nist high, nist moderate, nist low, marse_2_0, sca, hitrust_10m_to_60m_records, sig_lite, gdpr, cms_ars_2_0, iso_27001_2013_annex_a, iso_27001_2013_main, glba, microsoft_sspa, csa_star, iso_27001_2013_stage_1, iso_27001_2013_stage_2, nist_800_171, nist_cybersecurity_framework, ffiec, hitrust_less_than_10m_records, hitrust_over_60m_records, saq_a_ep, saq_b, saq_b_ip, saq_c, saq_d_merchant, saq_d_service_provider, saq_p2pe, pcidss_31, hitrust_domain, policies and procedures, post-scoping, Policies and Procedures
Topic: HR (row continued from the previous page; only the standard upload instruction and the category list survive on this page)
Question (continued): ... Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category: ... ork, ffiec, hitrust_less_than_10m_records, hitrust_over_60m_records, saq_a_ep, saq_b, saq_c, saq_d_merchant, saq_d_service_provider, saq_p2pe, pcidss_31, swift, hitrust_domain, support, POS (Point Of Sale) Devices, atm / kiosk, hr, post-scoping, HR
Topic: Third Party Management (row continued from the previous page; the opening of the question is not on this page)
Question (continued): ... as per the following criteria:
- All third party service providers used by the assessed entity to store, process, or transmit covered information on its behalf for business purposes
- All third party service providers used by the assessed entity to manage components such as routers, firewalls, databases, physical security, and/or servers.
You must use the attached template. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category: ... cords, sig_lite, gdpr, bits_aup_2014, iso_27001_2013_annex_a, glba, privacy_shield, csa_star, iso_27001_2013_stage_1, iso_27001_2013_stage_2, hitrust_less_than_10m_records, hitrust_over_60m_records, saq_a, saq_a_ep, saq_b, saq_b_ip, saq_c, saq_d_merchant, saq_d_service_provider, saq_p2pe, pcidss_31, swift, hitrust_domain, third party management, post-scoping, Third Party Management
Topic: Third Party Management (row continued from the previous page; the opening of the question is not on this page)
Question (continued): ... integrity and/or privacy responsibilities for handling covered information
- Current compliance status against applicable regulations / data security standards
- List of security requirements which are managed by each third party service provider on your behalf
- Non-disclosure agreements
You must use the attached template. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category: ... 7001_2013_stage_2, nist_cybersecurity_framework, ffiec, ccpa, hitrust_less_than_10m_records, hitrust_over_60m_records, saq_a, saq_a_ep, saq_b, saq_b_ip, saq_c, saq_d_merchant, saq_d_service_provider, saq_p2pe, pcidss_31, swift, hitrust_domain, third party management, post-scoping, Third Party Management
Topic: Third Party Management (row continued from the previous page; the opening of the question is not on this page)
Question (continued): ... contains the sample. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
Category: ... hant, saq_d_service_provider, saq_p2pe, pcidss_31, swift, hitrust_domain, third party management, post-scoping, Third Party Management
Row 93, Question 94
Topic: Incident Response
Question: Provide the organization's Incident Response Plan/Procedure. The plan should consider:
- Responsible persons for the management of security incidents.
- The procedure for reporting security events.
- Guidelines for employees and contractors to record and report any observed or suspected information security incidents in the systems or services.
- The procedure for evaluating and deciding whether events related to information security are classified as incidents.
- The process for responding to information security incidents.
- The guidelines established to use the knowledge gained in the analysis and resolution of information security incidents to reduce the likelihood or impact of future incidents. Also include the mechanisms in place to quantify and monitor the types, volumes, and costs of information security incidents.
- Procedures developed for identifying, collecting, acquiring, and preserving information that can serve as evidence.
- Procedures on escalations/communication to/with external authorities (i.e., police, fire, regulatory agencies) contacted in the event of a security incident.
- Procedures that specify when and who should contact authorities, AND how identified information security incidents should be reported promptly (e.g., if a violation of the law is suspected).
Also, provide one of the following as evidence to confirm that the documented Incident Response procedure was followed: 1. Annual Incident Response Plan test report, OR 2. From the sample of security incidents selected by the assessor, provide supporting documents.
You must use the attached template. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
ControlCase reference: cc139
Response uploaded: 964::LPB_PCI_Question_94.zip; 987::LPB_PCIDSS_Question_94_ver1.0.zip
Status: Under Evaluation
CC comments: The incident response procedure is dated 15 July 2020; please provide the latest version of this documentation. Also provide one of the following as evidence to confirm that the documented Incident Response procedure was followed: 1. Annual Incident Response Plan test report, OR 2. From the sample of security incidents selected by the assessor, provide supporting documents.
Category: pcidss_32, ei3pa, soc1, soc2, nist_800_53, nist high, nist moderate, nist low, marse_2_0, sca, hipaa, hitrust_10m_to_60m_records, sig_lite, cms_ars_2_0, bits_aup_2014, iso_27001_2013_annex_a, glba, privacy_shield, microsoft_sspa, csa_star, iso_27001_2013_stage_1, iso_27001_2013_stage_2, nist_800_171, nist_cybersecurity_framework, ffiec, hitrust_less_than_10m_records, hitrust_over_60m_records, saq_a, saq_a_ep, saq_b, saq_b_ip, saq_c, saq_d_merchant, saq_d_service_provider, saq_p2pe, pcidss_31, swift, hitrust_domain, incident response, post-scoping, Incident Response, soc2_post_scoping
Row 95, Question 233
Topic: Logical Access
Question: Provide evidence of two-factor authentication being used for all administrative access to the network zone or to individual assets within the environment storing, processing or transmitting in-scope data. The attached template is provided as a sample. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.
ControlCase reference: cc284
Response uploaded: 965::LPB_PCI_Question_233.zip; 984::LPB_PCIDSS_Question_233_ver1.1.zip
Status: Under Evaluation
CC comments: Please provide step-by-step screenshots of privileged access over CyberArk to clarify what kind of multi-factor authentication was deployed.
Category: pcidss_32, ei3pa, soc1, nist_800_53, nist high, nist moderate, nist low, marse_2_0, sig_lite, cms_ars_2_0, nist_800_171, saq_a_ep, saq_b_ip, saq_c, saq_d_merchant, saq_d_service_provider, Logical Access
Question (continued from the previous page; the topic and the opening of the question are not on this page): ... failure
3. Identifying and documenting the cause(s) of the failure, including root cause, and documenting the remediation required to address the root cause
4. Identifying and addressing any security issues that arose during the failure
5. Performing a risk assessment to determine whether further actions are required as a result of the security failure
6. Implementing controls to prevent the cause of the failure from reoccurring
7. Resuming monitoring of security controls
- Provide at least one incident report/record to verify that security control failures are documented to include:
  1. Identification of the cause(s) of the failure, including root cause
  2. Duration (date and time, start and end) of the security failure
  3. Details of the remediation required to address the root cause
The attached template is provided as a sample. Please click on this link to view additional files to assist you with this question. It may contain templates, scripts or other additional files. Once you have gathered the information we requested, please upload it by clicking the "Upload Files" button below or by "Dragging and Dropping" the files below.