CPSA_P_New Exam Dumps : Card Production Security AssessorCPSA Physical NewExam

According to the PCI CPSA Program Guide, a CPSA Company must maintain workpapers and technical information obtained during an assessment for a minimum of three years from the date of the assessment. The workpapers and technical information must be stored securely and made available to PCI SSC upon request. The workpapers and technical information must include, but are not limited to, the following:

• The Card Production Report on Compliance (ROC) and the Card Production Attestation of Compliance (AOC)
• The Card Production Entity’s policies and procedures
• The Card Production Entity’s network diagrams and data flow diagrams
• The results of any testing performed by the CPSA Company or the Card Production Entity
• The evidence of any remediation actions taken by the Card Production Entity
• The correspondence between the CPSA Company and the Card Production Entity
• The correspondence between the CPSA Company and the payment brands
• The feedback form completed by the Card Production Entity References:
• PCI Card Production Security Assessor (CPSA) Program Guide, Version 1.0, April 2019, page 111

According to the PCI Card Production and Provisioning Logical Security Requirements, Secure Element (SE) provisioning is the process of adding cardholder account information to a secure element on a mobile device via an over-the-air or over-the-internet communication channel. A secure element is a tamper-resistant platform that can securely host applications and their confidential and cryptographic data. A SIM card is an example of a secure element that can be used for mobile payments. SE provisioning is different from Host Card Emulation (HCE) provisioning, which is the process of adding cardholder account information to a cloud-based server that emulates a secure element on a mobile device. SE provisioning is also different from card personalization, which is the process of adding cardholder account information to a physical card. Over-the-air (OTA) provisioning is a generic term that can refer to either SE or HCE provisioning, depending on the type of mobile payment system used. References: PCI Card Production and Provisioning Logical Security Requirements and Test Procedures v3.0, January 2022, pages 6-71

 According to the PCI Card Production Physical Security Requirements, the receptionist responsible for the entrance and departure of visitors must have an unobstructed view of the reception area at all times. This is to ensure that the receptionist can monitor and control the access of visitors, and to prevent any unauthorized entry or exit of personnel or materials. The receptionist must also have a means of verifying the identity of visitors, such as a photo ID or a visitor log, and a means of issuing and collecting visitor badges, such as a badge printer or a badge holder. The receptionist must also have a means of communicating with the security personnel or the security control room, such as a phone or an intercom, in case of any emergency or suspicious activity. References:

• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 21, requirement 5.3.1
• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 22, requirement 5.3.2
• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 23, requirement 5.3.3