PaulDotCom mailing list archives

PCI & Paper Documents

From: rd at rd1.net (Ralph Durkee)
Date: Mon, 28 Dec 2009 19:09:18 -0500

Yes, it wouldn't be very complete if it didn't cover paper and other 
media as well as electronic storage.  The PCI DSS is found  
https://www.pcisecuritystandards.org/   Section 9 cover physical 
security, and 9.6 is particularly relevant, but typically other PCI DSS 
requirements are likely to apply as well.

9.6 Physically secure all paper and electronic media that contain 
cardholder data.

-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant
http://rd1.net


Robert Miller wrote:

Hello Everyone,

Do you know if PCI covers credit card numbers printed on paper and the 
protections of those said documents?

For example a customer order form that has been printed out, does this 
need to be under lock and key or is this not covered by PCI and we 
should lock it up for our own protection?

Thanks,

- Robert
(arch3angel)
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

PCI & Paper Documents Robert Miller (Dec 28)
- PCI & Paper Documents Shawn Bernard (Dec 28)
  - PCI & Paper Documents Robert Miller (Dec 29)
- PCI & Paper Documents Rick Hayes (Dec 28)
- PCI & Paper Documents Chris Merkel (Dec 28)
  - PCI & Paper Documents Vincent Lape (Dec 28)
- PCI & Paper Documents Nathan Sweaney (Dec 28)
- PCI & Paper Documents Ralph Durkee (Dec 28)
- PCI & Paper Documents Vincent Lape (Dec 28)