Security Audit Procedures

Executive Summary

Business Description

Service Providers

List Processor Relationships

Connection to Payment Card Company

Wholly-owned Entities

International Entities

Timeframe

The on-site assessment occurred between <Month, Day, and Year> through <Month, Day, and Year>.

Constraints

Where there any obstacles to collecting information for the assessment?

Interviewees

The following individuals were interviewed:

Insert detailed listing of all persons involved with this audit here. Include contact numbers, position information, and any other identifying information that might be helpful for future reference. Include subject matter details and dates.

Scope of Audit

Include detailed narrative and illustrative information to adequately describe in detail the full scope of this assessment. Include a separate technical detail along with an executive summary of your findings.

Network Description

Insert detailed declaration of all network segmentation information here.

Server Environment

Insert itemization of all application support servers here.

Logging

Insert information pertinent to logging facilities here.

Application Environment Description

Insert critical application itemization information here.

Critical Infrastructure Hardware and Software

Insert critical infrastructure hardware and support software itemization information here.

POS Products

Insert list of POS items here.

Exclusions

Insert exclusionary items here.

Quarterly Scan Results

• Please briefly summarize the 4 most recent quarterly scan results in comments at Requirement 11.2.
• The scan should cover all externally accessible (Internet-facing) IP addresses in existence at the entity.

Insert testing results here.

--Mdpeters 07:14, 3 March 2007 (EST)