  
|
|
l Home l Compliance Services l Audit & Assessment
 |
|
The PA-DSS Standard
The Payment Application Data Security Standard (PA-DSS) is a set of requirements derived from the PCI DSS and the PCI DSS audit procedures to provide the vendors with PCI DSS aligned software development, implementation and operating guidelines. Depending on the card scheme organisations regional security programme requirements compliance with this standard is mandatory or optional for payment application vendors.
The PA-DSS includes requirements for sensitive data storage and protection, access control and logging functionality, secure software design and development, security documentation, ability to operate in secure network architectures, as well as other critical protective measures. These comprehensive requirements are intended to help application customers in proactively protecting their customer account data and achieve alignment with PCI DSS by using certified applications. The PA-DSS is grouped in fourteen requirement sections addressing about 40 single requirements. The requirements focus on the application specific issues of the six main sections of PCI DSS which are:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
PA-DSS applies to every vendor offering payment applications to banks, processors, payment service providers or merchants who use the application to store, process, or transmit cardholder or transaction data on their own or on behalf of one of the other entities through this payment application.
|
|
|
