PCI (Payment Card Industry Security Standard)
Protect stored cardholder data
3.5.1 Interview responsible personnel and review documentation to verify that a document exists to describe the cryptographic architecture, including:
- Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
- Description of the key usage for each key
- Inventory of any HSMs and other SCDs used for key management
Note: This requirement applies only when the entity being assessed is a service provider.
Maintaining current documentation of the cryptographic architecture enables an entity to understand the algorithms, protocols, and cryptographic keys used to protect cardholder data, as well as the devices that generate, use, and protect the keys. This allows an entity to keep pace with evolving threats to their architecture, enabling them to plan for updates as the assurance levels provided by different algorithms and key strengths change. Maintaining such documentation also allows an entity to detect lost or missing keys or key-management devices and to identify unauthorized additions to their cryptographic architecture.
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8