Apply auditing processes within a technical scenario.
Use the link to the PCI-DSS self-assessment questionnaire (SQA-D) for Vendors (V. 4.0) provided in this week’s readings and use this information to complete the assignment.
Consider the PCI-DSS self-assessment questionnaire D for Merchants (V. 4.0) which a typical retail merchant would have to show compliance in order to continue doing business with credit cards.
Review the questions associated with four different requirements of the twelve covered by the assessment questions (specifically sections 3, 8, 9, and one other section of your choice)
For each section explain:
The purpose of that section, why it is important, and what these questions seek to achieve.
Pick any three questions in that section and explain:
What the question means
What evidence would be needed to show compliance
Whether it would be easy or difficult to achieve compliance and why
Do not pick three that are all easy
Summarize your impressions of the questions for this section and discuss how a merchant would establish or maintain compliance.
For any question that you examined in item 2 above, (which was deemed hard to comply with) assume that you cannot fully meet the requirement and draft up a half-page compensating control (Refer to Appendix B) that would substitute for a fully compliant response.