[PCI DSS 3.0] [PCI DSS 3.0] 12.8.5 Maintain information about which PCI DSS requirements are managed by each service provider, a

pcinetwork

PCINetwork.org Admin
#1
12.8.5 Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity.

12.8.5 Verify the entity maintains information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity.

The specific information an entity maintains will depend on the particular agreement with their providers, the type of service, etc. The intent is for the assessed entity to understand which PCI DSS requirements their providers have agreed to meet.
 
Top