Open Source PCI-DSS
- Home
- What is PCI-DSS?
- Requirements
- Requirement 1
- Requirement 2
- Requirement 3
- Requirement 4
- Requirement 5
- Requirement 6
- Requirement 7
- Requirement 8
- Requirement 9
- Requirement 10
- Requirement 11
- Requirement 12
Requirement 3.4
Render PAN, at minimum, unreadable anywhere it is stored (including on portable digital media, backup media, in logs) by using any of the following approaches:
- One-way hashes based on strong cryptography
- Truncation
- Index tokens and pads (pads must be securely stored)
- Strong cryptography with associated key-management processes and procedures
The MINIMUM account information that must be rendered unreadable is the PAN.
Notes:
If for some reason, a company is unable render the PAN unreadable, refer to Appendix B: Compensating Controls.
“Strong cryptography” is defined in the PCI DSS Glossary of Terms, Abbreviations and Acronyms.