Requirement 3.4 of theYes. PCI DSS Requirement 3.5.1 applies to mainframes that store cardholder data. If thea company has legitimate business or technical constraints to meetin meeting this or any other requirement, compensating controls may be appliconsidered. Compensating controls must be commensurate withaddress the additional risk imposntroduced by not adhering tomeeting the original requirement. Please r

Refer to Appendices B and C of the PCI DSS for more information on the use of compensating controls.v4.0.1 for more information about compensating controls.