top of page
< Back

3.5 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Requirement 3: Protect stored cardholder data


Document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse:

Note: This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys—such key-encrypting keys must be at least as strong as the data-encrypting key.

bottom of page