EXECUTIVESUMMARY 4.3 - CHD DATA STORAGE (003) MS

EXECUTIVESUMMARY 4.3 - CHD DATA STORAGE (003) MS

Executive Summary – 4.3 Cardholder data storage

Please have the below table completed and returned.

 

4.3 Cardholder data storage

Identify and list all databases, tables, and files storing post-authorization cardholder data and provide the following details.

Note: The list of files and tables that store cardholder data in the table below must be supported by an inventory created (or obtained from the client) and retained by the assessor in the work papers.

 

Data Store
(database, etc.)

File(s) and/or Table(s)
 

Cardholder data elements stored
(for example, PAN, expiry, any elements of SAD) – put  fieldname

How data is secured
(for example, use of encryption, access controls, truncation, etc.)

How access to data stores is logged
(description of logging mechanism used for logging access to data—for example, enterprise log management solution, application-level logging, operating system logging, etc.)

pt135

ATTRIBUTE

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

DISPATCH_INTERACT

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

READ_WRITE_ATTRIBUTE

PI, or PII or PCI data

encrypted

R and D may be able to speak

PT235

ATTRIBUTE

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

DISPATCH_INTERACT

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

READ_WRITE_ATTRIBUTE

PI, or PII or PCI data

encrypted

R and D may be able to speak

pr101

ATTRIBUTE

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

DISPATCH_INTERACT

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

INTERACT

PI, or PII or PCI data

encrypted

R and D may be able to speak





 

 

Data Store
(database, etc.)

File(s) and/or Table(s)
 

Cardholder data elements stored
(for example, PAN, expiry, any elements of SAD) – put  fieldname

How data is secured
(for example, use of encryption, access controls, truncation, etc.)

How access to data stores is logged
(description of logging mechanism used for logging access to data—for example, enterprise log management solution, application-level logging, operating system logging, etc.)

PCH01

DISPATCH_INTERACT

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

PUBLISHED_RESULT

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

RECORD

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

RESPONSE_INTERACT

PI, or PII or PCI data

encrypted

R and D may be able to speak

PCH02

DISPATCH_INTERACT

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

PUBLISHED_RESULT

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

RECORD

PI, or PII or PCI data

encrypted

R and D may be able to speak

 

RESPONSE_INTERACT

PI, or PII or PCI data

encrypted

R and D may be able to speak