pci dss saq.pdf


Questionnaire SAQ A-EP
Build and Maintain a Secure Network and Systems: 45 questions to be completed
Protect Cardholder Data: 7 questions to be completed
Maintain a Vulnerability Management Program: 30 questions to be completed
Implement Strong Access Control Measures: 35 questions to be completed
Regularly Monitor and Test Networks: 48 questions to be completed
Maintain an Information Security Policy: 18 questions to be completed

Build and Maintain a Secure Network and Systems
Install and maintain a firewall configuration to protect cardholder data
1.1
Are firewall and router configuration standards established and implemented to
include the following:

1.1.1
Is there a formal process for approving and testing all network connections and
changes to the firewall and router configurations?
Compensating Control   X Yes   No   N/A

1.1.2(a)
Is there a current network diagram that documents all connections between the
cardholder data environment and other networks, including any wireless networks?
Compensating Control   Yes   No   N/A

1.1.2(b)
Is there a process to ensure the diagram is kept current?
Compensating Control   Yes   No   N/A

1.1.3(a)
Is there a current diagram that shows all cardholder data flows across systems and
networks?
Compensating Control   Yes   No   N/A