💼 3.2 Do not store sensitive authentication data after authorization (even if encrypted).
- ID: /frameworks/pci-dss-v3.2.1/03/02
Description
If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process.
It is permissible for issuers and companies that support issuing services to store sensitive authentication data if:
- There is a business justification and
- The data is stored securely.
Similar
- Sections
/frameworks/pci-dss-v4.0/03/03/01
/frameworks/pci-dss-v4.0/03/03/03
- Internal
- ID: dec-c-d5d99c21
- ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
---|---|---|---|---|---|
💼 PCI DSS v4.0 → 💼 3.3.1 SAD is not retained after authorization, even if encrypted. | 3 | 5 | no data | ||
💼 PCI DSS v4.0 → 💼 3.3.3 Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need, is secured and encrypted using strong cryptography. | 5 | no data |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
---|---|---|---|---|---|
💼 PCI DSS v4.0 → 💼 3.3.1 SAD is not retained after authorization, even if encrypted. | 3 | 5 | no data | ||
💼 PCI DSS v4.0 → 💼 3.3.3 Any storage of sensitive authentication data is limited to that which is needed for a legitimate issuing business need, is secured and encrypted using strong cryptography. | 5 | no data |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
---|---|---|---|---|---|
💼 3.2.1 Do not store the full contents of any track after authorization. | no data | ||||
💼 3.2.2 Do not store the card verification code or value after authorization. | no data | ||||
💼 3.2.3 Do not store the personal identification number (PIN) or the encrypted PIN block after authorization. | no data |
Policies (5)
Policy | Logic Count | Flags | Compliance |
---|---|---|---|
🛡️ Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) 🟢 | 1 | 🟢 x6 | no data |
🛡️ Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK) 🟢 | 1 | 🟢 x6 | no data |
🛡️ Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key 🟢 | 1 | 🟢 x6 | no data |
🛡️ Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK) 🟢 | 1 | 🟢 x6 | no data |
🛡️ Google GCE Instance Confidential Compute is not enabled 🟢 | 1 | 🟢 x6 | no data |