Point to Point Encryption (P2PE) ™
Point-to-Point Encryption (P2PE) Qualified Security Assessors - QSA (P2PE):
Building upon the solid data and environmental security foundation established and promulgated by the PCI SSC for the payments industry via the PCI DSS, PA-DSS, and PTS, the P2PE Standard is a comprehensive set of security requirements that support the deployment of secure P2PE Solutions.
Candidates will learn how to:
- Build, test and deploy solutions that provide the tools necessary for PCI DSS compliance.
- Evaluate P2PE Solutions P-RoVs on behalf of the applicable P2PE Solution Providers and submit them directly to PCI SSC for review and acceptance.
- Assess in-depth information about all six domains included in the P2PE Standard.
- Test and assess P2PE solutions.
- Prepare basic cryptography, key management techniques, and solution specific assessment techniques.
Point-to-Point Encryption Payment Application - Qualified Security Assessors (P2PE) – PA-QSA (P2PE)
In addition, PA-QSA (P2PE)s may:
- Evaluate P2PE Solutions and P2PE Applications.
- Submit corresponding P-RoVs on behalf of the applicable P2PE Solution Providers and the applicable P2PE Application Vendors.
*NOTE - ONLY PA-QSA (P2PE) Assessors may complete P2PE Application Assessments.
The PCI Security Standards Council operates an in-depth program for security companies seeking to become QSA (P2PE)s and/or PA-QSA (P2PE)s, and to be re-certified each year. The five founding members of the Council recognize the QSA (P2PE)s and PA-QSA (P2PE)s certified by the PCI Security Standards Council as being qualified to assess compliance with the PCI DSS P2PE standard.
QSA (P2PE) and PA-QSA (P2PE) candidates will participate in the same 2-day class.
PA-QSA (P2PE) candidates will be required to attend an additional session on Domain 2 and take a second exam. Candidates must pass both the QSA (P2PE) and PA-QSA (P2PE) exams to become approved PA-QSA (P2PE) assessors.
The P2PE training is the most technically complex training, specifically surrounding encryption. It was very helpful to thoroughly understand what we as QSA (P2PE) are required to test.
Aside from the technical content of the course, it was a great opportunity to meet other QSAs/PA-QSAs and discuss common issues/concerns - good to hear/understand that others encounter common issues and share concerns/views.
The training gave interesting insight into the encryption and key management aspects like key injection, key loading facility, etc.