This whitepaper is about PCI DSS v3.0 Requirement 3.4 – the requirement to protect cardholder data on disk/at rest.
There are a number of compliant options available, with varying levels of security in different scenarios. This document is intended as an analysis of the various compliant options such that the reader can choose an option that makes sense – and in doing so, meet their compliance obligations while also improving security and keeping costs proportionate.
This whitepaper was written by Rob Chahin, managing consultant at iSEC Partners, one of NCC Group’s US divisions.