ordba.net - Srinivas Maddali - What I learned from various RDBMS also from non-RDBMS supported by RDBMS

ExecutiveSummary 4.3 - CHD Data Storage (003) MS

Executive Summary – 4.3 Cardholder data storage

Please have the below table completed and returned.

4.3 Cardholder data storage

Identify and list all databases, tables, and files storing post-authorization cardholder data and provide the following details.

Note: The list of files and tables that store cardholder data in the table below must be supported by an inventory created (or obtained from the client) and retained by the assessor in the work papers.

Data Store (database, etc.)	File(s) and/or Table(s)	Cardholder data elements stored (for example, PAN, expiry, any elements of SAD) – put fieldname	How data is secured (for example, use of encryption, access controls, truncation, etc.)	How access to data stores is logged (description of logging mechanism used for logging access to data—for example, enterprise log management solution, application-level logging, operating system logging, etc.)
pt135	ATTRIBUTE	PI, or PII or PCI data	encrypted	R and D may be able to speak
	DISPATCH_INTERACT	PI, or PII or PCI data	encrypted	R and D may be able to speak
	READ_WRITE_ATTRIBUTE	PI, or PII or PCI data	encrypted	R and D may be able to speak
PT235	ATTRIBUTE	PI, or PII or PCI data	encrypted	R and D may be able to speak
	DISPATCH_INTERACT	PI, or PII or PCI data	encrypted	R and D may be able to speak
	READ_WRITE_ATTRIBUTE	PI, or PII or PCI data	encrypted	R and D may be able to speak
pr101	ATTRIBUTE	PI, or PII or PCI data	encrypted	R and D may be able to speak
	DISPATCH_INTERACT	PI, or PII or PCI data	encrypted	R and D may be able to speak
	INTERACT	PI, or PII or PCI data	encrypted	R and D may be able to speak

Data Store (database, etc.)	File(s) and/or Table(s)	Cardholder data elements stored (for example, PAN, expiry, any elements of SAD) – put fieldname	How data is secured (for example, use of encryption, access controls, truncation, etc.)	How access to data stores is logged (description of logging mechanism used for logging access to data—for example, enterprise log management solution, application-level logging, operating system logging, etc.)
PCH01	DISPATCH_INTERACT	PI, or PII or PCI data	encrypted	R and D may be able to speak
	PUBLISHED_RESULT	PI, or PII or PCI data	encrypted	R and D may be able to speak
	RECORD	PI, or PII or PCI data	encrypted	R and D may be able to speak
	RESPONSE_INTERACT	PI, or PII or PCI data	encrypted	R and D may be able to speak
PCH02	DISPATCH_INTERACT	PI, or PII or PCI data	encrypted	R and D may be able to speak
	PUBLISHED_RESULT	PI, or PII or PCI data	encrypted	R and D may be able to speak
	RECORD	PI, or PII or PCI data	encrypted	R and D may be able to speak
	RESPONSE_INTERACT	PI, or PII or PCI data	encrypted	R and D may be able to speak

ExecutiveSummary 4.3 - CHD Data Storage (003) MS

Download PDF

ExecutiveSummary 4.3 - CHD Data Storage (003) MS