Which statement about the Attestation of Compliance (AOC) is correct?
Attestation of Compliance (AOC):
The AOC is a document that confirms an entity's compliance with PCI DSS requirements. It is signed by the entity (merchant or service provider) and the Qualified Security Assessor (QSA) if a QSA is involved.
Different AOC Templates:
PCI DSS provides distinct templates for service providers and merchants, tailored to their respective roles and responsibilities within the cardholder data environment (CDE).
Invalid Options:
B: PCI SSC does not sign AOCs; they are signed by the merchant/service provider and the QSA.
C: AOCs differ between ROCs and SAQs, so the same template is not universally used.
D: Both the merchant/service provider and the QSA/ISA (Internal Security Assessor) must sign the AOC when applicable.
Caren
1 months agoBeatriz
2 months agoCaren
1 months agoSheron
1 months agoAdolph
2 months agoRosann
2 months agoHester
2 months agoLuis
2 months agoHershel
21 days agoLeonard
28 days agoNieves
29 days agoEladia
1 months agoGianna
2 months agoLeota
2 months agoMeaghan
2 months ago