PCI 3DS Security Requirements
GPTKB entity
Statements (92)
Predicate | Object |
---|---|
gptkbp:instanceOf | crypt |
gptkbp:appliesTo | gptkb:3DS_ACS, gptkb:3DS_Directory_Server, gptkb:3DS_Payment_Systems, gptkb:3DS_SDK, gptkb:3DS_Server, 3DS Core Components |
gptkbp:firstPublished | 2017 |
gptkbp:focusesOn | 3-D Secure environments |
https://www.w3.org/2000/01/rdf-schema#label | PCI 3DS Security Requirements |
gptkbp:latestReleaseVersion | 2021-01, v1.2.1 |
gptkbp:publishedBy | gptkb:PCI_Security_Standards_Council |
gptkbp:requires | cryptography, data protection, network security, risk management, personnel security, multi-factor authentication, access control, training and awareness, incident response, physical security, change management, patch management, secure remote access, penetration testing, secure authentication, vulnerability management, data retention policies, least privilege principle, monitoring and logging, vulnerability scanning, intrusion detection, business continuity planning, secure coding practices, secure software development, data minimization, encryption of sensitive data, firewall configuration, annual risk assessment, anti-malware controls, background checks for personnel, change control documentation, incident response testing, logging of 3DS transactions, monitoring of third-party access, protection of authentication data, protection of cardholder data, protection of sensitive authentication data, removal of unnecessary services, review of access control mechanisms, review of application security, review of audit logs, review of authentication mechanisms, review of business continuity plans, review of change management records, review of cryptographic protocols, review of data flows, review of data protection controls, review of firewall rules, review of incident response plans, review of logs, review of monitoring controls, review of network diagrams, review of network security controls, review of penetration test results, review of personnel security controls, review of physical security controls, review of procedures, review of security policies, review of service provider agreements, review of system configurations, review of training records, review of user accounts, review of vendor contracts, review of vulnerability scan results, secure backup procedures, secure configuration of systems, secure disposal of media, secure network architecture, secure storage of cryptographic keys, secure wireless configuration, segmentation of environments, segregation of duties, testing of backup restoration, third-party management, timely revocation of access, user access reviews, vendor risk assessment |
gptkbp:bfsParent | gptkb:PCI_DSS |
gptkbp:bfsLayer | 4 |