💼 3.6.1.1 A documented description of the cryptographic architecture is maintained.
- ID:
/frameworks/pci-dss-v4.0/03/06/01/01
Stats​
not available
Description​
Additional requirement for service providers only.
That includes:
- Details of all algorithms, protocols, and keys used for the protection of stored account data, including key strength and expiry date.
- Preventing the use of the same cryptographic keys in production and test environments. This bullet is a best practice until its effective date; refer to Applicability Notes below for details.
- Description of the key usage for each key.
- Inventory of any hardware security modules (HSMs), key management systems (KMS), and other secure cryptographic devices (SCDs) used for key management, including type and location of devices, as outlined in Requirement 12.3.4.
Similar​
- Sections
/frameworks/pci-dss-v3.2.1/03/05/01/frameworks/pci-dss-v4.0.1/03/06/01/01
- Internal
- ID:
dec-c-c9320c21
- ID:
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v3.2.1 → 💼 3.5.1 Maintain a documented description of the cryptographic architecture | no data | ||||
| 💼 PCI DSS v4.0.1 → 💼 3.6.1.1 A documented description of the cryptographic architecture is maintained. | no data |
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v3.2.1 → 💼 3.5.1 Maintain a documented description of the cryptographic architecture | no data | ||||
| 💼 PCI DSS v4.0.1 → 💼 3.6.1.1 A documented description of the cryptographic architecture is maintained. | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|