Which statement about the Attestation of Compliance (AOC) is correct?
Attestation of Compliance (AOC):
The AOC is a document that confirms an entity's compliance with PCI DSS requirements. It is signed by the entity (merchant or service provider) and the Qualified Security Assessor (QSA) if a QSA is involved.
Different AOC Templates:
PCI DSS provides distinct templates for service providers and merchants, tailored to their respective roles and responsibilities within the cardholder data environment (CDE).
Invalid Options:
B: PCI SSC does not sign AOCs; they are signed by the merchant/service provider and the QSA.
C: AOCs differ between ROCs and SAQs, so the same template is not universally used.
D: Both the merchant/service provider and the QSA/ISA (Internal Security Assessor) must sign the AOC when applicable.
Caren
23 days agoBeatriz
25 days agoCaren
14 days agoSheron
16 days agoAdolph
30 days agoRosann
1 months agoHester
1 months agoLuis
1 months agoHershel
Leonard
8 days agoNieves
9 days agoEladia
17 days agoGianna
1 months agoLeota
1 months agoMeaghan
1 months ago