Frequently Asked Question

Does Requirement 3.4 apply to mainframes?
Requirement 3.4 of the PCI DSS applies to mainframes that store cardholder data. If the company has legitimate business or technical constraints to meet this or any other requirement, compensating controls may be applied. Compensating controls must be commensurate with additional risk imposed by not adhering to the original requirement. Please refer to Appendices B and C of the PCI DSS for more information on the use of compensating controls.
April 2012
Article Number: 1093
Related
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?