πΌ 3.5.1 PAN is rendered unreadable anywhere it is stored.
-
Contextual name: πΌ 3.5.1 PAN is rendered unreadable anywhere it is stored.
-
ID:
/frameworks/pci-dss-v4.0.1/03/05/01
-
Located in: πΌ 3.5 Primary account number (PAN) is secured wherever it is stored.
Descriptionβ
Using any of the following approaches:
- One-way hashes based on strong cryptography of the entire PAN.
- Truncation (hashing cannot be used to replace the truncated segment of PAN).
- If hashed and truncated versions of the same PAN, or different truncation formats of the same PAN, are present in an environment, additional controls are in place such that the different versions cannot be correlated to reconstruct the original PAN.
- Index tokens.
- Strong cryptography with associated key-management processes and procedures.
Similarβ
- Sections
/frameworks/pci-dss-v4.0/03/05/01
Similar Sections (Take Policies From)β
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
πΌ PCI DSS v4.0 β πΌ 3.5.1 PAN is rendered unreadable anywhere it is stored. | 3 | 12 |
Similar Sections (Give Policies To)β
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
πΌ PCI DSS v4.0 β πΌ 3.5.1 PAN is rendered unreadable anywhere it is stored. | 3 | 12 |
Sub Sectionsβ
Policies (5)β
Policy | Logic Count | Flags |
---|---|---|
π Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) π’ | 1 | π’ x6 |
π Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK) π’ | 1 | π’ x6 |
π Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key π’ | 1 | π’ x6 |
π Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK) π’ | 1 | π’ x6 |
π Google GCE Instance Confidential Compute is not enabled π’ | 1 | π’ x6 |