PCI DSS New Self-Assessment Questionnaire (SAQ) Summary
From PCI Security Standards Council
SAQ Overview
The effective date of the new PCI DSS v1.2 standard was October 1, 2008, and the sunset date of the PCI DSS v1.1 was December 31, 2008. For assessments started after December 31, version 1.2 must be used.
The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers in self-evaluating their compliance with the Payment Card Industry Data Security Standard (PCI DSS). There are multiple versions of the PCI DSS SAQ to meet various scenarios. This document has been developed to help organizations determine which SAQ best applies to them.
The PCI DSS SAQ is a validation tool for merchants and service providers that are not required to undergo an on-site data security assessment under the PCI DSS Security Assessment Procedures. Completing an SAQ may be required by your acquirer or payment brand; consult them for details of the PCI DSS validation requirements that apply to you.
The PCI DSS SAQ consists of the following components:
- Questions correlating to the PCI DSS requirements, appropriate to service providers and merchants. To choose the right set of questions, see "Selecting the SAQ and Attestation that Best Apply to Your Organization" in the Instructions and Guidelines document.
- Attestation of Compliance: The Attestation is your certification that you are eligible to perform and have performed the appropriate Self-Assessment.
Instructions for Completing the SAQ
- Use the guidelines herein to determine which SAQ is appropriate for your company.
- Use the appropriate Self-Assessment Questionnaire as a tool to validate compliance with the PCI DSS. Click the appropriate link in the table below to access your SAQ.
- Use Navigating PCI DSS: Understanding the Intent of the Requirements to understand how and why the requirements are relevant to your organization.
- Complete the appropriate Attestation document and provide it, along with any required documentation, to your acquirer or card brand, as appropriate.
Twelve Steps to PCI Compliance
The twelve PCI DSS requirements are grouped under six control objectives:
Build and maintain a secure network
1. Install and maintain a firewall configuration to protect cardholder data
2. Change vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data and sensitive information across open, public networks
Maintain a vulnerability management program
5. Use and regularly update antivirus software
6. Develop and maintain secure systems and applications
Implement strong access control measures
7. Restrict access to cardholder data on a need-to-know basis
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly monitor and test networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an information security policy
12. Maintain a policy that addresses information security