3.4.1 PCI DSS (v3.2.1)
Compliance Standard: PCI DSS
Compliance Version: (v3.2.1)
Control ID: 3.4.1
Requirement 3: Protect stored cardholder data (v3.2.1)
If disk encryption is used (rather than file- or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, by not using local user account databases or general network login credentials). Decryption keys must not be associated with user accounts.
Note: This requirement applies in addition to all other PCI DSS encryption and key-management requirements.