top of page
3.5 PCI DSS (v3.2.1)
Compliance Standard
Compliance Version
Control ID
PCI DSS
(v3.2.1)
3.5
Requirement 3: Protect stored cardholder data
(v3.2.1)
Document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse:
Note: This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys—such key-encrypting keys must be at least as strong as the data-encrypting key.
bottom of page