pci pa-dss request for information
TRANSCRIPT
atsec information security
www.atsec.com
email contact for PA-DSS: [email protected]
PA-DSS RFI v1.0 © 2010 atsec information security page 1/5
Payment Application Data Security Standard (PA-DSS) Assessment Request for Information
This form guides you in gathering the basic information that atsec needs in order to provide you with information about a Payment Application Data Security Standard (PA-DSS) Assessment.
Please complete this form and submit it via email or fax. If you have concerns about sharing proprietary information, please contact us to set up an NDA and appropriate transaction security before submitting the form to us.
More information on PA-DSS is available from the PCI Security Standards Council at: https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml.
Contact Information
Company name:
Contact name:
Address:
City:
State:
Country:
Zip/Postal code:
Email:
Phone:
Application Details
What is the name and version of the application?
What is the version number of the application?
Provide a brief description of the application:
PA-DSS RFI v1.0 © 2010 atsec information security page 2/5
PA-DSS Assessment Request for Information
Select all application functionality that applies:
Point of Sale
Middleware
Automated Fuel Dispenser
Shopping Cart
Settlement, back-end processing
Gateway
Other
What kinds of transactions are supported?
Card not present (E-Commerce)
Card present
Select the application architecture:
Hardware-terminal
Client/server
Standalone
Networked
Module-based (only a subset of software modules are involved in transaction processing)
SaaS (Software as a Service, hosted remotely)
What platforms/operating systems is the application is running on?
Which application servers are being used (for example, WebSphere, WebLogic)?
Are there any web-based user/administration interfaces?
Yes
No
Which authentication mechanisms does the application support?
PINs/Passwords
Certificates
Biometric properties
Other
PA-DSS RFI v1.0 © 2010 atsec information security page 3/5
PA-DSS Assessment Request for Information
Scope
What is the size of the application’s typical customers?
Large (for example, organizations with multiple branches)
Small (for example, local businesses)
The application is sold via:
Integrators
Resellers
Direct
Who installs and configures the application?
Your organization
Reseller
Customer
Are parts of the application hosted by you (for example, processing back-end)?
Yes
No
Is remote access to the application (for administering, servicing) possible?
Yes, the payment application provider/integrators have remote access for service purposes
Yes, the customer’s administrators have access for operational purposes
No
Is this a new application, or have earlier versions been distributed to customers?
Yes, it’s new
No, earlier versions exist
Languages the application is marketed to (for example, English, Spanish):
Is wireless technology (for example, WLAN, infrared) integrated into the application?
Yes
No
PA-DSS RFI v1.0 © 2010 atsec information security page 4/5
PA-DSS Assessment Request for Information
Advanced Preparation
Has this or an earlier version of the application been certified under PABP or PA-DSS before?
No
Yes
If yes, will previous test reports be available for the lab’s use?
Yes
No
Do you expect to need help from atsec understanding the requirements of the PA-DSS and bringing your application into compliance with PA-DSS?
Yes
No
Are administration/user/installation/configuration manuals available?
Yes
No
If yes, please provide a copy with this RFI.
Has a PA-DSS Implementation Guide been written?
Yes
No
If yes, please provide a copy with this RFI.
Do you have a test environment that simulates a real-life environment to test all of the application’s functionality and supported transactions?
Yes
No
Comments
Additional comments:
If you have any questions, please contact atsec at [email protected] or by telephone (see http://www.atsec.com/us/addresses-contact.html for regional office numbers).
PA-DSS RFI v1.0 © 2010 atsec information security page 5/5