Which is a core requirement of PCI-DSS?

Prepare for the DSST Ethics In Technology Exam with comprehensive study resources. Utilize flashcards and multiple-choice questions, each accompanied by hints and explanations. Gear up for your exam success!

Multiple Choice

Which is a core requirement of PCI-DSS?

Explanation:
Protecting cardholder data through encryption is what PCI-DSS emphasizes. The standard requires that cardholder data be protected both when it’s stored and when it’s transmitted, using strong encryption and proper key management. This makes the data unreadable to anyone who shouldn’t have access, even if a breach occurs. Encryption at rest and in transit is a foundational control because it directly reduces the impact of data exposure.

Among the given options, encrypting cardholder data aligns with this protection goal and is a primary way to safeguard sensitive information. Sharing cardholder data with marketing partners would broaden exposure and contradict PCI-DSS data handling rules. Ignoring access control undermines the very mechanism that keeps data from unauthorized eyes. Storing CVV data indefinitely is prohibited by PCI-DSS, since CVVs should not be kept after authorization.

So encryption is the core requirement reflected in PCI-DSS for protecting cardholder data.
