PCI 3DS Security Requirements

GPTKB entity

Statements (92)
Predicate Object
gptkbp:instanceOf crypt
gptkbp:appliesTo gptkb:3DS_ACS
gptkb:3DS_Directory_Server
gptkb:3DS_Payment_Systems
gptkb:3DS_SDK
gptkb:3DS_Server
3DS Core Components
gptkbp:firstPublished 2017
gptkbp:focusesOn 3-D Secure environments
https://www.w3.org/2000/01/rdf-schema#label PCI 3DS Security Requirements
gptkbp:latestReleaseVersion 2021-01
v1.2.1
gptkbp:publishedBy gptkb:PCI_Security_Standards_Council
gptkbp:requires cryptography
data protection
network security
risk management
personnel security
multi-factor authentication
access control
training and awareness
incident response
physical security
change management
patch management
secure remote access
penetration testing
secure authentication
vulnerability management
data retention policies
least privilege principle
monitoring and logging
vulnerability scanning
intrusion detection
business continuity planning
secure coding practices
secure software development
data minimization
encryption of sensitive data
firewall configuration
annual risk assessment
anti-malware controls
background checks for personnel
change control documentation
incident response testing
logging of 3DS transactions
monitoring of third-party access
protection of authentication data
protection of cardholder data
protection of sensitive authentication data
removal of unnecessary services
review of access control mechanisms
review of application security
review of audit logs
review of authentication mechanisms
review of business continuity plans
review of change management records
review of cryptographic protocols
review of data flows
review of data protection controls
review of firewall rules
review of incident response plans
review of logs
review of monitoring controls
review of network diagrams
review of network security controls
review of penetration test results
review of personnel security controls
review of physical security controls
review of procedures
review of security policies
review of service provider agreements
review of system configurations
review of training records
review of user accounts
review of vendor contracts
review of vulnerability scan results
secure backup procedures
secure configuration of systems
secure disposal of media
secure network architecture
secure storage of cryptographic keys
secure wireless configuration
segmentation of environments
segregation of duties
testing of backup restoration
third-party management
timely revocation of access
user access reviews
vendor risk assessment
gptkbp:bfsParent gptkb:PCI_DSS
gptkbp:bfsLayer 4