Document Comparison
PTS_Program_Guide_v1-5_July_2015.pdf → PTS_Program_Guide_v1-6_Oct_2016.pdf
97% similar
Pages: 51 → 52
Words: 17379 → 17610
Content Changes
13 content changes. 52 administrative changes (dates, page numbers) hidden.
Added
p. 2
Updated for POI v5 and HSM v3. Testing timeframes restated. Added new HSM approval class information for Key Loading Devices and Remote Administration Platforms. Clarifications to product types for self-contained OEM products.
Added
p. 31
PTS-HSM: The sub-framework of the PCI-PTS device security framework that addresses the security of HSMs
PTS-POI: The sub-framework of the PCI-PTS device security framework that addresses the security of consumer-facing devices
RAP: Remote Administration Platform for HSMs.
Added
p. 38
PIN support Prompt control Key management PIN-entry technology
KLD: An SCD that may be used for securely receiving, storing, and transferring data between compatible cryptographic and communications equipment. Key-transfer and loading functions include the following:
Export of a key from one secure cryptographic device (SCD) to another SCD in plaintext, component, or enciphered form;
Export of a key component from an SCD into a tamper-evident package (e.g., blind mailer);
Import of key components into an SCD from a tamper-evident package;
Temporary storage of the key in plaintext, component, or enciphered form within an SCD during transfer.
RAP: This is for platforms that are used for remote administration of HSMs. Such administration may include device configuration and key-loading services.
Modified
p. 1
Payment Card Industry (PCI) PIN Transaction Security (PTS) Device Testing and Approval Program Guide Version 1.5
Payment Card Industry (PCI) PIN Transaction Security (PTS) Device Testing and Approval Program Guide Version 1.6
Modified
p. 5
Document Name: Security Requirements: PIN Transaction Security (PTS) Point of Interaction (POI) Modular Security Requirements, v4.1; PIN Security Requirements, v2.0; PIN Transaction Security (PTS) Hardware Security Module (HSM) Security Requirements, v2.0. Description: Contain the physical and logical security requirements as well as device management requirements for activity prior to initial key loading.
Document Name: Security Requirements: PIN Transaction Security (PTS) Point of Interaction (POI) Modular Security Requirements, v5.0; PIN Security Requirements, v2.0; PIN Transaction Security (PTS) Hardware Security Module (HSM) Security Requirements, v3.0.0. Description: Contain the physical and logical security requirements as well as device management requirements for activity prior to initial key loading.
Modified
p. 5
PTS POI: Frequently Asked Questions: General frequently asked questions; PTS POI Security Requirements Technical FAQs for use with Version 4; PTS PIN Security Requirements Technical FAQs for use with Version 2; Hardware Security Module (HSM) Technical FAQs for use with Version 2. Description: Provide additional and timely clarifications to the application of the Security Requirements. The FAQs are an integral part of those requirements and shall be fully considered during the evaluation process.
PTS POI: Frequently Asked Questions: General frequently asked questions; PTS POI Security Requirements Technical FAQs for use with Version 5; PTS PIN Security Requirements Technical FAQs for use with Version 2; Hardware Security Module (HSM) Technical FAQs for use with Version 3. Description: Provide additional and timely clarifications to the application of the Security Requirements. The FAQs are an integral part of those requirements and shall be fully considered during the evaluation process.
Modified
p. 5
Evaluation Vendor Questionnaires: PIN Transaction Security (PTS) Point of Interaction (POI) Modular Evaluation Vendor Questionnaire, v4.1; PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire, v2.0. Description: Solicit additional information from vendors to support their claims of the conformity of their devices to those requirements.
Evaluation Vendor Questionnaires: PIN Transaction Security (PTS) Point of Interaction (POI) Modular Evaluation Vendor Questionnaire, v5.0; PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire, v3.0. Description: Solicit additional information from vendors to support their claims of the conformity of their devices to those requirements.
Modified
p. 30
MSR Magnetic-stripe reader.
KLD Key-Loading Device
MSR Magnetic-stripe reader.
Modified
p. 36
Vendors manufacturing OEM products that are “bolt on” or drop in type modules for UPTs may choose to partner with final form factor vendors of those UPTs (e.g., automated fuel dispenser or kiosk vendors). The OEM vendor’s product may meet most of the overall UPT security requirements and the OEM vendor may submit that product in conjunction with additional information from the final form factor vendor on behalf of that vendor, such as AFD or kiosk case design, to the …
Vendors manufacturing self-contained OEM products that are “bolt on” or drop in type modules (i.e. fully functional PED modules integrating all required components) for UPTs may choose to partner with final form factor vendors of those UPTs (e.g., automated fuel dispenser or kiosk vendors). The OEM vendor’s product may meet most of the overall UPT security requirements and the OEM vendor may submit that product in conjunction with additional information from the final form factor vendor on behalf of that …
Removed
p. 38
PIN support Prompt control Key management PIN-entry technology
Modified
p. 44 → 45
B.2 What is a Delta Evaluation? All initial evaluations under a major version (e.g., 1.x, 2.x, etc.) of the security requirements for a given product shall constitute a new evaluation and shall receive a new approval number.
B.2 What is a Delta Evaluation? All initial evaluations under a major version (e.g., 1.x, 2.x, 3.x, 4.x, etc.) of the security requirements for a given product shall constitute a new evaluation and shall receive a new approval number.
Modified
p. 44 → 45
Revisions to approved devices are termed “deltas.” Delta reviews involve the Recognized PTS Laboratory (or “PTS Lab”) assessing the changes based upon the most current major version of the security requirements used for the original assessment and the most current FAQ publication associated with those requirements. For example, if a device was originally assessed against PTS v2.0, any delta assessments would have to be performed using v2.1 (the most current version of PTS v2.x and the last issued v2.x FAQs). …
Revisions to approved devices are termed “deltas.” Delta reviews involve the Recognized PTS Laboratory (or “PTS Lab”) assessing the changes based upon the most current major version of the security requirements used for the original assessment and the most current FAQ publication associated with those requirements. For example, if a device was originally assessed against PTS POI v4.0, any delta assessments would have to be performed using v4.1 (the most current version of PTS v4.x and the last issued v4.x …
Modified
p. 44 → 45
Delta evaluations are not permitted to take a product previously approved under an earlier major version number of the PTS Standard (e.g., 1.x) to an approval under another major version number (e.g., 2.x).
Delta evaluations are not permitted to take a product previously approved under an earlier major version number of the PTS POI Standard (e.g., 3.x) to an approval under another major version number (e.g., 4.x).