100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
AQSA QUESTIONS AND ANSWERS $7.99   Add to cart

Exam (elaborations)

AQSA QUESTIONS AND ANSWERS

 6 views  0 purchase
  • Course
  • AQSA
  • Institution
  • AQSA

AQSA Responsibilities - - Gathering and maintaining evidence - Documenting reporting sections of the executive summary - Preparing draft sections of a ROC related to requirements for which the AQSA has gathered the evidence - Under QSA supervision or specific criteria provided by a QSA, conduct...

[Show more]

Preview 3 out of 28  pages

  • September 4, 2024
  • 28
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • AQSA
  • AQSA
avatar-seller
ACADEMICMATERIALS
AQSA
AQSA Responsibilities - - Gathering and maintaining evidence

- Documenting reporting sections of the executive summary

- Preparing draft sections of a ROC related to requirements for which the AQSA has gathered the
evidence

- Under QSA supervision or specific criteria provided by a QSA, conducting interviews, reviewing
documented evidence, following up on remediated findings, and conducting data center and site visits
for non-primary locations.



Additional PCI DSS Requirement for Multi-Tenant Service Providers - - Must separate customer
data

- Customer only has access to their own environment

- Penetration test must be conducted every 6 months

- Customers are able to report security incidents and vulnerabilities to the provider



12.10 - Suspected and confirmed security incidents that could impact the CDE are responded to
immediately



3DS Core - Organizations that support 3DS authentication use a 3DS Roc to show their compliance
with this standard



Account Configurations - - Idle accounts inactive after 90 days are to be removed

- Idle sessions over 15 minutes should be locked out

- User Logins must be locked for 30 minutes if there are 10 attempts

- Password lengths must be 12 characters/numbers and different from the last 4 passwords used

- MFA is required if the user is accessing CDE

- Passwords must be changed every 90 days if they do not utilize MFA



Account Data That May Be Stored After Authorization - - Primary Account Number (PAN)

,- Cardholder Name

- Expiration Date

- Service Code



Account Data That May NOT Be Stored After Authorization - - Full Track Data

- Card Verification Code

- Pin / Pin Block



Acquirer - Sends payment transaction data through the payment network to the issuer



Acquirer Role - - Responsible for ensuring their merchants are compliant and following the
compliance programs set forth by the participating payment brands

- Responsible for determining the merchant's reporting method and accepting compensating controls

- Responsible for any necessary actions resulting from merchant data breaches such as passing on
penalties and supporting forensic investigations

- Familiar with each payment brand's compliance validation programs




Appendix A (P2) - Findings and Observations: Additional PCI DSS Requirements

- Appendix A1: Additional PCI DSS Requirements for Multi-Tenant Service PRoviders

- Appendix A2: Additional PCI DSS Requirements for Entities Using SSL/Early TLS for Card-Present POS
POI Terminal Connections

- Appendix A3: Designated Entities Supplemental Validation (DESV)



Appendix A1 - Multi tenant service providers



Appendix A2 - Entities using SSL and early TLS must work toward upgrading to a strong
cryptographic protocol. No new systems can contain SSL or early TLS.



Appendix A3 - Designated Entities Supplemental Validation (DESV)

, An entity is required to undergo an assessment according to this Appendix ONLY if instructed to do so by

an acquirer or a payment brand.



Appendix C (P2) - Compensating Controls Worksheet

- Use this worksheet to document any instance where a compensating control is used to meet a PCI DSS
defined requirement. Note that compensating controls must also be documented at the corresponding
PCI DSS requirement in Part 2 findings and observations



Approved Scanning Vendor (ASV) - Scan reports and attestations are usually sent by an Approved
Scanning Vendor (ASV) to their client



AQSA DONTS - - Leading a PCI DSS Assessment

- Confirming PCI DSS compliance to customers

- signing attestation of compliance

- Validating the scope of a PCI DSS Assessment

- Selection of systems and systems components where sampling is used

- Evaluating compensating controls

- Evaluating customized controls

- Initiating or leading compliance discussions with payment brands or acquirers




Assessment Planning - - Determine the time and resources needed to complete the assessment

- Will assess activities be on-site, remote, or a combination

- Reviewing Documentation can help prepare for on-site activities



Assessment Process - 1. Assessor

2. Scope

3. Assess

4. Report

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller ACADEMICMATERIALS. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $7.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

66579 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$7.99
  • (0)
  Add to cart