PCI安全认证SAQ3.1版.pdfVIP

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced Version 3.0 February 2014 Document Changes Date Version Description To align content with new PCI DSS v1.2 and to implement minor October 2008 1.2 changes noted since original v1.1. To align content with new PCI DSS v2.0 requirements and testing October 2010 2.0 procedures. To align content with PCI DSS v3.0 requirements and testing February 2014 3.0 procedures and incorporate additional response options. PCI DSS SAQ A, v3.0 February 2014 © 2006-2014 PCI Security Standards Council, LLC. All Rights Reserved. Page i Table of Contents Document Changes i Before You Beginiii PCI DSS Self-Assessment Completion Steps iii Understanding the Self-Assessment Questionnaire iv Expected Testing iv Completing the Self-Assessment Questionnaire iv Guidance for Non-Applicability of Certain, Specific Requirements v Legal Exception v Section 1: Assessment Information 1 Section 2: Self-Assessment Questionnaire A 4 Requirement 9: Restrict physical access to cardholder data 4 Maintain an Information Security Policy 6 Requirement 12: Maintain a policy that addresses information security for all personnel 6 Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers 8 Appendix B: Compensating Controls Worksheet 9 Appendix C: Explanation of Non-Applicabi