During a penetration testing engagement for a financial institution, your team is required to assess the security of the client's payment processing system which stores and transmits credit card data. What type of document is MOST important to review before beginning any testing to ensure compliance with industry regulations?
Master service agreement
Non-disclosure agreement (NDA)
Payment Card Industry Data Security Standard (PCI DSS) documentation
The Payment Card Industry Data Security Standard (PCI DSS) is a regulatory compliance consideration for any entity that stores, processes, or transmits credit card information. Reviewing the Service-level agreement (SLA) or the Non-disclosure agreement (NDA) does not directly address regulatory compliance related to credit card data security. While the Master service agreement provides overall terms and conditions of service between two parties, it may not specifically address compliance with PCI DSS.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is PCI DSS and why is it important?
Open an interactive chat with Bash
What happens if a company fails to comply with PCI DSS?