Frequently Asked Question
What types of 3DS components are in scope for Requirement P2-7 in the PCI 3DS Core Security Standard?
Requirements P2-7.1 and P2-7.2, which relate to data center and CCTV security, apply to 3DS Directory Server (DS) and 3DS Access Control Server (ACS) systems.
As noted in the Overview section of Requirement P2-7, the DS and ACS systems are critical components of the 3DS infrastructure that require a secure facility with elevated physical security controls to restrict, manage, and monitor all physical access.
The requirements in P2-7 are recommended, but not required, for locations where only a 3DS Server (3DSS) is present. Refer to the PCI 3DS Core Security Standard for information about the different 3DS components.
As noted in the Overview section of Requirement P2-7, the DS and ACS systems are critical components of the 3DS infrastructure that require a secure facility with elevated physical security controls to restrict, manage, and monitor all physical access.
The requirements in P2-7 are recommended, but not required, for locations where only a 3DS Server (3DSS) is present. Refer to the PCI 3DS Core Security Standard for information about the different 3DS components.
December 2020
Article Number: 1488