PCI Compliance Assessment Checklist Template

Storage of sensitive authentication data (SAD)

Is your system storing this data? If so, are you aware of it? (Yes / No / N/A)
Did you check for inadequate access controls caused by improperly installed point-of-sale (POS) systems, which can let malicious users in via paths intended for POS vendors? (Yes / No / N/A)
Were default system settings and passwords changed when the system was installed? (Yes / No / N/A)
Were unnecessary and insecure services removed or secured when the system was installed? (Yes / No / N/A)
Did you check for poorly coded web applications that could allow SQL injection and other vulnerabilities, giving direct access from the website to the database storing cardholder data? (Yes / No / N/A)
Did you check for missing and outdated security patches? (Yes / No / N/A)
Did you check for adequate logging protocols? (Yes / No / N/A)
Did you check for adequate monitoring (log reviews, intrusion detection/prevention, quarterly vulnerability scans, and file integrity monitoring systems)? (Yes / No / N/A)

POS Vendor System Security (Ask the POS Vendor)

Have default settings and passwords been changed on the systems and databases that are part of the POS system? (Yes / No / N/A)
Do you access my POS system remotely? (Yes / No / N/A)
Have all unnecessary and insecure services been removed from the systems and databases that are part of the POS system? (Yes / No / N/A)
Is my POS software validated to the Payment Application Data Security Standard (PA-DSS)? (Yes / No / N/A)
Does my POS software store sensitive authentication data, such as track data or PIN blocks? (Yes / No / N/A)
Does my POS software store primary account numbers (PANs)? (Yes / No / N/A)
Will you document the list of files written by the application, with a summary of each file's contents, to verify that the prohibited data mentioned above is not stored? (Yes / No / N/A)
Does my POS software enforce complex and unique passwords for all user access? (Yes / No / N/A)
Can you confirm that you do not use common or default passwords for access to my system and the other merchant systems you support? (Yes / No / N/A)
Have all the systems and databases that are part of the POS system been patched with all applicable security updates? (Yes / No / N/A)
Is logging turned on for the systems and databases that are part of the POS system? (Yes / No / N/A)
If prior versions of my POS software stored sensitive authentication data, has this feature been removed in the current updates to the POS software? Was a secure wipe utility used to remove this data? (Yes / No / N/A)

Cardholder Data

Payment brand rules allow the storage of the primary account number (PAN), expiration date, cardholder name, and service code.

Is the risk of having the data compromised worth the effort of storing it? (Yes / No / N/A)
Are the additional PCI DSS controls that must be applied to protect the data worth the continued storage of this data? (Yes / No / N/A)
Are the ongoing maintenance efforts needed to remain PCI DSS compliant over time worth the continued storage of this data? (Yes / No / N/A)
Is the cardholder data that NEEDS to be stored properly consolidated and isolated through network segmentation? (Yes / No / N/A)

Confirmation

Full name and signature of the Compliance Officer in charge
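The vendor questions above ask whether the POS software writes PANs or track data to disk and whether the vendor will document the files it writes. A merchant can check the same thing independently with a data-discovery pass over those files. The script below is an added example, not part of the checklist template or of any POS product: it looks for Luhn-valid 13 to 19 digit sequences (PAN candidates) and for magnetic-stripe track 2 records (the `;PAN=YYMM...?` layout), and reports hits with the PAN masked to first six and last four digits. The file names and contents are constructed sample data; a real run would point `scan_files` at the list of files the vendor supplies.

```python
"""Added example: find prohibited cardholder data in files a POS application writes.

All file names and contents below are constructed for the demonstration.
"""
import re
from typing import Dict, List, Tuple

# PAN candidate: 13-19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Track 2 record (ISO/IEC 7813): ;<PAN>=<YYMM><service code><discretionary data>?
# Assumes numeric discretionary data, which is the common case.
TRACK2 = re.compile(r";(\d{13,19})=(\d{4})(\d{3})\d*\?")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check used for PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits (PCI DSS display rule), mask the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_text(text: str) -> List[Tuple[str, str]]:
    """Return (kind, masked_pan) findings for track 2 records and Luhn-valid PANs."""
    findings: List[Tuple[str, str]] = []
    for m in TRACK2.finditer(text):
        findings.append(("track2", mask_pan(m.group(1))))
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):   # drops order numbers and other random digit runs
            findings.append(("pan", mask_pan(digits)))
    return findings


def scan_files(files: Dict[str, str]) -> Dict[str, List[Tuple[str, str]]]:
    """Scan a mapping of file name -> file contents; every file appears in the result."""
    return {name: scan_text(content) for name, content in files.items()}


# Constructed sample files. The card numbers are the public test PANs
# 4111111111111111 and 5500000000000004; 1234567890123456 is a non-Luhn decoy.
SAMPLE_FILES = {
    "pos_debug.log": (
        "2024-03-01 12:00:01 AUTH req card=4111111111111111 amt=19.99\n"
        "2024-03-01 12:00:02 order id 1234567890123456 ok\n"
    ),
    "txn_export.csv": "name,pan,exp\nJ Doe,5500 0000 0000 0004,1225\n",
    "swipe_cache.dat": ";4111111111111111=25121011234567890?\n",
    "clean.txt": "no card data here, ticket 42\n",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(f"{name}: {'PROHIBITED DATA' if hits else 'CLEAN'}")
        for kind, masked in hits:
            print(f"  {kind}: {masked}")
```

The Luhn filter is what keeps the scan useful on real logs: order IDs, timestamps and transaction references are mostly digits too, and only about one random digit string in ten passes mod 10. A track 2 hit is the more serious finding, since storing full track data after authorization is prohibited outright, whereas a stored PAN is permitted only with the additional PCI DSS controls the checklist asks about.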
Please note that this checklist template is a hypothetical example and provides only standard information. The template does not aim to replace, among other things, workplace health and safety advice, medical advice, diagnosis or treatment, or any other applicable law. You should seek your own professional advice to determine whether the use of such a checklist is appropriate in your workplace or jurisdiction.