💼 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.

• ID: /frameworks/pci-dss-v4.0.1/03/02/01

Description

Include at least the following:

• Coverage for all locations of stored account data.
• Coverage for any sensitive authentication data (SAD) stored prior to completion of authorization. This bullet is a best practice until its effective date; refer to Applicability Notes below for details.
• Limiting data storage amount and retention time to that which is required for legal or regulatory, and/or business requirements.
• Specific retention requirements for stored account data that defines length of retention period and includes a documented business justification.
• Processes for secure deletion or rendering account data unrecoverable when no longer needed per the retention policy.
• A process for verifying, at least once every three months, that stored account data exceeding the defined retention period has been securely deleted or rendered unrecoverable.

Similar

• Sections
  • /frameworks/pci-dss-v4.0/03/02/01
  • /frameworks/aws-fsbp-v1.0.0/documentdb/02

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DocumentDB.2] Amazon DocumentDB clusters should have an adequate backup retention period					no data
💼 PCI DSS v4.0 → 💼 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.					no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v4.0 → 💼 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.					no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance