For each requirement listed in a ROC, which types of findings must have a full narrative response?
An assessor must provide which of the following to their client at the start of every assessment?
A card production vendor employs a contracted guard service from an outside source. What is one of the responsibilities of the contracted service?
A vendor’s HSA access is enforced by a security turnstile, and they have a logical access-control system that ensures anti-pass-back. The device is functioning correctly. When must the status of the access change?
Which of the following principles must be enforced by the HSA Access Control system?
A vendor is unsure which forms are needed to complete an assessment. Who should they ask?
A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder’s mobile device. Which of the following best describes the vendor’s activities?
A vendor puts cardholder information into a chip by sliding a payment card through a machine that programs it and verifies the data. The chip can make contactless transactions. Which of the following best describes the vendor’s activity?
An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?
During an assessment you do a walk-through of bringing card products into the HSA using the goods-tools trap. You act as production staff, using an empty cardboard box as the card products. During the process, the guard escorts you, along with the box, into the pre-press room. What is your conclusion?