Terms for the Derived Test Requirements

Receipt of the Derived Test Requirements (DTRs) requires acceptance of this confidentiality agreement and completion of the request form on the next page. After PCI Security Standards Council receives and verifies the request, the DTRs will be electronically distributed.

PCI SECURITY STANDARDS COUNCIL, LLC NONDISCLOSURE AND ASSIGNMENT AGREEMENT

This Nondisclosure Agreement (the "Agreement") is a legal agreement between you and PCI Security Standards Council, LLC with a place of business at 401 Edgewater Place, Suite 600, Wakefield, MA 01880 ("PCI SSC"), which is the owner of the copyright in the documents listed immediately below (the "Confidential Materials"), which documents were previously provided to you in password protected format via electronic mail delivery:

  1. PCI Encrypting PIN Pad (EPP) Derived Test Requirements
  2. PCI POS PIN Entry Device (PED) Derived Test Requirements
  3. PCI Unattended Payment Terminal (UPT) Derived Test Requirements
  4. PCI Hardware Security Module (HSM) Derived Test Requirements

As used in this Agreement, "you" means the company, entity or individual that is being provided access to the Confidential Materials pursuant to this Agreement.

By clicking on the link to receive passwords to access the Confidential Materials at the end of this Agreement (the "Acceptance and Access Link"), you are requesting that PCI SSC provide you with such passwords, and you are agreeing that you will be bound by and are becoming a party to this Agreement. If you are an entity, and an individual is entering into this Agreement on your behalf, then you will be bound by this Agreement when that individual clicks on the Acceptance and Access Link. When they do so, it will also constitute a representation by that individual that s/he is authorized to bind you as a party to this Agreement. If you do not agree to all of the terms of this Agreement, you are not authorized to access the Confidential materials and you should close this web browser window.

1. Permitted Purpose.  If you click the Acceptance and Access Link below, PCI SSC hereby grants you the right, without charge, to access and read the Confidential Materials subject to and in accordance with the terms of this Agreement, solely for your internal purposes (the "Permitted Purpose").

2. Confidentiality.  You agree to keep the Confidential Materials strictly confidential at all times and that, without the prior written consent of PCI SSC, you will not use the Confidential Materials except for the Permitted Purpose. You agree that the Confidential Materials are and shall remain the proprietary and confidential information and property of PCI SSC. Except as expressly provided herein, PCI SSC grants no rights or license by implication or otherwise, under any of its copyrights, trade secrets, trademarks or other intellectual property rights, as a result of this Agreement or the disclosure of the Confidential Materials to you.

You shall use the utmost degree of care to maintain and protect the Confidential Materials as confidential and shall not disclose or make accessible the Confidential Materials to any person (except those of your employees, members or affiliates who have a need to know such Confidential Materials in connection with the Permitted Purpose and who are bound to preserve the confidentiality thereof by restrictions at least as restrictive as those set forth in this Agreement ("Restricted Recipients")). You shall use best efforts to ensure, and shall be solely responsible for, compliance with the restrictions set forth in this Agreement by all Restricted Recipients. Upon request of PCI SSC, you shall immediately either return all Confidential Materials (including without limitation, all copies, memoranda or analyses thereof, but excluding such Confidential Materials as you are required to retain by law or retain automatically as a part of your standard electronic backup procedures) to PCI SSC or destroy the same and certify such destruction to PCI SSC.

You acknowledge that PCI SSC shall not have an adequate remedy in the event that you breach or threaten to breach the terms of this Agreement and that PCI SSC will suffer irreparable damage and injury in such event, and you agree that PCI SSC, in addition to any other available rights and remedies, shall be entitled to seek an injunction restricting you from committing or continuing any violation of this Agreement.

The restrictions set forth in this Section 2 shall not apply to any portion of the Confidential Materials: (a) of which you had knowledge, prior to accessing the Confidential Materials, through no wrongful act or violation of confidentiality; (b) which is or becomes generally publicly available or a matter of public knowledge generally, through no wrongful act of your own; or (c) which you lawfully receive from a third party that is not under a non-disclosure obligation to PCI SSC. Notwithstanding the foregoing, you may disclose the Confidential Materials to the extent such disclosure is required to comply with applicable law or the valid order or requirement of a governmental or regulatory agency or court of competent jurisdiction, provided that you restrict such disclosure to the maximum extent legally permissible, that you notify PCI SSC as soon as practicable of any such requirement, and that subject to such disclosure, such disclosed materials shall in all respects remain subject to the restrictions set forth in this Agreement.

3. Intellectual Property.  You acknowledge and agree that the Confidential Materials shall at all times be the exclusive property of PCI SSC and/or any third parties of which PCI SSC is a licensee, as the case may be, and nothing in this Agreement shall be construed to convey to you any ownership interest in the Confidential Materials or any rights other than those expressly granted herein. No rights are granted or conveyed in this Agreement to create any derivative work based upon the Confidential Materials or any portion thereof, to sublicense or modify the Confidential Materials or any portion thereof, or to otherwise use the Confidential Materials for any purpose whatsoever, except for the Permitted Purpose.

4. Support and Maintenance.  PCI SSC shall have no obligation to you or to any third party to support or maintain the Confidential Materials.

5. No Warranties.  THE CONFIDENTIAL MATERIALS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL PCI SSC, ITS MEMBERS OR ITS CONTRIBUTORS BE LIABLE FOR ANY CLAIM, OR ANY DIRECT, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE CONFIDENTIAL MATERIALS.

6. Termination.  Either party may immediately terminate this Agreement for any or no reason upon written notice to the other party; provided that upon any such termination, the provisions of Sections 2 through 11 shall survive in their entirety.

7. Indemnification.  You shall indemnify, defend and hold harmless PCI SSC and its members, and the officers, directors, employees and agents of each of the foregoing (each, an "Indemnified Party") from all losses, costs, damages, claims and other expenses (including reasonable attorneys' fees) arising out of any claim by any third party in connection with your use of the Confidential Materials in breach of this Agreement.

8. Export Regulations.  Technical data and technology included within the Confidential Materials may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. You agree to comply strictly with all such regulations in connection with your use of the Confidential Materials and acknowledge that you are solely responsible for obtaining all licenses to export, re-export, or import the Confidential Materials in connection with your use thereof.

9. Government Restrictions.  Without limiting the restrictions set forth herein, the use, duplication or disclosure of the Confidential Materials by the United States government is further subject to the restrictions as set forth in the Rights in Technical Data and Computer Software Clauses in DFARS 252.227-7013(c)(1) (ii) and FAR 52.227-19(a) through (d) as applicable.

10. Miscellaneous.

10.1 Notices.  All notices required under this Agreement shall be in writing, and shall be deemed effective five days from deposit in the mails. Notices and correspondence to (a) PCI SSC must be sent to the address shown above, and (b) to you shall be sent to the address that you provide in the form below in this Agreement.

10.2 Governing Law.  This Agreement shall be construed and interpreted under the internal laws of the United States and the State of Delaware, without giving effect to its principles of conflict of law.

10.3 Entire Agreement.  This Agreement constitutes the entire agreement and understanding between you and PCI SSC regarding the subject matter contained herein. No modification or waiver of this Agreement shall be binding unless it is in writing and signed by both parties, and no waiver of any breach of this Agreement shall be deemed to be a waiver of any other or subsequent breach. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid, illegal or unenforceable, such provision shall be omitted and the remaining terms shall remain in full force and effect. This Agreement supersedes any and all prior agreements between you and PCI SSC regarding your right to use the Confidential Materials.

To indicate your acceptance of this Agreement and receive passwords to access the Confidential Materials, please

If you do not accept the terms of this Agreement, you are not authorized to access the Confidential Materials and you should close this web browser window.


Back to Top

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.