DM-10 Primary Account Number Data Restrictions

>Control Description

Organization restricts primary account number (PAN) data such that only the first six and last four digits are displayed; authorized users with a legitimate business need may be provided the full PAN.

Theme: Technology

Type: Preventive

Policy/Standard: Data Management Policy

>Implementation Guidance

1. Ensure that a process is defined and documented for redaction of credit card data.
2. Ensure that the organization restricts primary account number (PAN) data such that only the first six and last four digits are displayed.
3. Ensure that a process is defined to provide full PAN to authorized users with a legitimate business need.

>Testing Procedure

1. Inspect and validate whether a documented process exists for redaction of credit card data.
2. Validate that primary account number is stored such that only the first six and last four digits are displayed.
3. Inspect and validate whether a documented process exists to provide full PAN to authorized users with a legitimate business need.
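One way to implement the first-six/last-four display rule from the implementation guidance and to check rendered output for it as in testing step 2. This is an added example, not part of the control text or of Adobe CCF. The role names, the `*` mask character, the 13-19 digit length range and the Luhn filter are assumptions of the example.

```python
import re

# Assumption: role names are hypothetical; the control only requires
# "authorized users with a legitimate business need".
AUTHORIZED_ROLES = {"fraud-investigator", "chargeback-analyst"}

# 13-19 digits with optional single space/hyphen separators, not adjacent
# to further digits or to mask characters.
_CANDIDATE = re.compile(r"(?<![\d*])\d(?:[ -]?\d){12,18}(?![\d*])")


def _digits(pan: str) -> str:
    digits = re.sub(r"[ -]", "", pan)
    if not (digits.isascii() and digits.isdigit() and 13 <= len(digits) <= 19):
        raise ValueError("expected a 13-19 digit PAN")
    return digits


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, mask everything between."""
    d = _digits(pan)
    return d[:6] + "*" * (len(d) - 10) + d[-4:]


def display_pan(pan: str, role: str) -> str:
    """Full PAN only for authorized roles; masked for everyone else."""
    return _digits(pan) if role in AUTHORIZED_ROLES else mask_pan(pan)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to skip order numbers and other long IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch) * (2 if i % 2 else 1)
        total += n - 9 if n > 9 else n
    return total % 10 == 0


def find_unmasked_pans(text: str) -> list[str]:
    """Return masked forms of full PANs in text, so the report leaks nothing."""
    found = (re.sub(r"[ -]", "", m.group()) for m in _CANDIDATE.finditer(text))
    return [mask_pan(d) for d in found if luhn_ok(d)]


# Constructed sample output; 4111111111111111 is a widely used test number.
SAMPLE_LINES = [
    "payment ok pan=411111******1111",
    "debug raw card 4111 1111 1111 1111 declined",
    "order id 1234567890123456 shipped",
]
```

Running `find_unmasked_pans` over the constructed sample flags only the second line; the already-masked value and the non-Luhn order id are ignored.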

>Audit Artifacts

E-DM-01
E-DM-13
E-DM-14

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
