
2. Summary Overview
2.1 Description of the entity’s payment card business
Provide an overview of the entity’s payment card business, including:

• Describe the nature of the entity’s business (what kind of work they do, etc.)
  Note: This is not intended to be a cut-and-paste from the entity’s website, but
  should be a tailored description that shows the assessor understands the business
  of the entity being assessed.
• Describe how the entity stores, processes, and/or transmits cardholder data.
  Note: This is not intended to be a cut-and-paste from above, but should build on
  the understanding of the business and the impact this can have upon the security
  of cardholder data.
• Describe why the entity stores, processes, and/or transmits cardholder data.
  Note: This is not intended to be a cut-and-paste from above, but should build on
  the understanding of the business and the impact this can have upon the security
  of cardholder data.
• Identify the types of payment channels the entity serves, such as card-present
  and card-not-present (for example, mail order/telephone order (MOTO), e-commerce).
• Other details, if applicable:

2.2 High-level network diagram(s)


Provide a high-level network diagram (either obtained from the entity or created by assessor) of the entity’s networking topography, showing the
overall architecture of the environment being assessed. This high-level diagram should summarize all locations and key systems, and the boundaries
between them and should include the following:
• Connections into and out of the network including demarcation points between the cardholder data environment (CDE) and other networks/zones
• Critical components within the cardholder data environment, including POS devices, systems, databases, and web servers, as applicable
• Other necessary payment components, as applicable

<Insert high-level network diagram(s)>

PCI DSS v3.2.1 Template for Report on Compliance, Rev. 1.0 June 2018
© 2018 PCI Security Standards Council, LLC. All Rights Reserved.
PCI DSS Template for Report on Compliance, Appendix D: Segmentation and Sampling of Business Facilities/System Components June 2018
