+61-2-9434-5000

Contact Us

Requirement 4: Protect cardholder data with strong cryptography during transmission

2022 PSR

Please provide the information below to view the online Verizon Payment Security Report.

First Name: Last Name: E-mail: Organization: Organization type Country:

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

I confirm I have read and understood

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Requirement 4: Protect cardholder data with strong cryptography during transmission

The goal	The goal of PCI DSS Key Requirement 4 is to develop, execute and maintain a sustainable capability for the effective monitoring and protection of CHD across the CDE, through the application of strong cryptography to protect Primary Account Numbers (PANs) during transmission of the PAN over open, public networks. This goal includes complete integration with all related PCI DSS Key Requirements for the establishment of an effective, integrated series of control systems, and the development and ongoing improvement of all related capabilities, processes, documentation, tools and training needed to achieve < Quantitatively managed/Optimized > maturity of this key requirement by < insert date >.
Goal applicability and scope considerations	The goal applies to all system components across the CDE where any PAN is transmitted over open, public networks, such as the internet, messaging systems or wireless technologies, including Wi-Fi, Bluetooth®, cellular technologies, satellite communications and General Packet Radio Service (GPRS) components It also applies to all security system components (technology and people) that support the security controls needed to meet this key requirement, such as systems that support security certificates, cryptographic systems, and logging and monitoring systems
Goal requirements: Some of the primary conditions necessary to achieve the goal	Documentation and processes: Maintain effective standard operating procedures with clearly articulated standards, roles and responsibilities. Regularly train and educate staff on how to follow the documented procedures. Internally monitor and report adherence to procedures Competency: The correct design, implementation, operation and maintenance of strong cryptography and certificate systems for securing data in transit or in motion; safeguarding CHD before and during transmission of the PAN over open, public networks Capability—scope management: The ability to continuously identify, monitor and improve all system components where the PAN is transmitted over open, public networks, to meet and maintain the compliance requirements. Internally monitor and report scope nonconformity and violations
Strong dependencies and integration with other key requirements	Requirement 6: Integration with system-hardening requirements Requirements 7 & 8: Secure authentication and access control to components that store CHD Requirement 10: Logging and monitoring of components that store CHD and related security systems Requirement 11: The testing of components that store CHD and related security systems Requirement 12: Ongoing contractual management of third-party data security responsibilities
Short-term objectives	Capability—scope and automation: Implement and maintain a system for the effective, automatic identification and reporting of the configuration and security status of all components that transmit CHD Capability—detect and respond: Develop and improve the ability to rapidly detect and respond to any clear-text transmission of the PAN from within the organization over open, public networks
Long-term objectives	Improvement: Improve and refine configurations, integration, support processes, documentation and training on all relevant system components Maturity: Achieve and maintain high- capability maturity and performance on all the protection of CHD during transmission, with low deviation from configuration standards, and high capability for the rapid detection and correction of configuration nonconformities across the CDE
Common constraints	Competency—scope management: Failure to include all applicable wireless technologies in the scope of compliance and validation Competency—security proficiency: Insufficient mastery of cryptographic industry standards, cryptography implementation and key management procedures, improper comprehension or inconsistent operation of security certificate management procedures, ineffective maintenance of cryptographic architecture and infrastructure Capability—secure operations: Ineffective design, operation and management of secure end-user messaging technologies Cost and Capacity: The cost and effort of upgrading outdated cryptographic protocols across a large environment with many affected components