top of page
3.5.1 PCI DSS (v3.2.1)
Compliance Standard
Compliance Version
Control ID
PCI DSS
(v3.2.1)
3.5.1
Requirement 3: Protect stored cardholder data
(v3.2.1)
Additional requirement for service providers only: Maintain a documented description of the cryptographic architecture that includes:
• Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
• Description of the key usage for each key.
• Inventory of any HSMs and other SCDs used for key management
bottom of page