CPSA_P_New Exam Dumps : Card Production Security AssessorCPSA Physical NewExam

The PCI SSC is the best-placed organization to answer a query about a missing field in the card production reporting template, as they are the ones who develop and maintain the template and the standards. The card production reporting template is the mandatory template for use in completing a Card Production Report on Compliance (ROC), which provides detail on how to document the findings of a PCI Card Production Assessment. The template is based on the PCI Card Production and Provisioning LogicalSecurity Requirements and the PCI Card Production and Provisioning Physical Security Requirements, which are also developed and maintained by the PCI SSC. Therefore, the PCI SSC has the authority and the expertise to clarify any issues or questions regarding the template and the standards. The other options are not the best sources of information for the query, as they may not have the same level of knowledge or involvement in the template and the standards. References:

• PCI Card Production and Provisioning Template for Report on Compliance, Version 1.0, April 2019, page 31
• PCI Card Production Security Assessor (CPSA) Program Guide, Version 1.0, April 2019, page 52
• PCI Card Production Security Assessor (CPSA) Program Guide, Version 1.0, April 2019, page 82

According to the PCI CPSA Program Guide, a CPSA Company must maintain workpapers and technical information obtained during an assessment for a minimum of three years from the date of the assessment. The workpapers and technical information must be stored securely and made available to PCI SSC upon request. The workpapers and technical information must include, but are not limited to, the following:

• The Card Production Report on Compliance (ROC) and the Card Production Attestation of Compliance (AOC)
• The Card Production Entity’s policies and procedures
• The Card Production Entity’s network diagrams and data flow diagrams
• The results of any testing performed by the CPSA Company or the Card Production Entity
• The evidence of any remediation actions taken by the Card Production Entity
• The correspondence between the CPSA Company and the Card Production Entity
• The correspondence between the CPSA Company and the payment brands
• The feedback form completed by the Card Production Entity References:
• PCI Card Production Security Assessor (CPSA) Program Guide, Version 1.0, April 2019, page 111

The assessor is the person who conducts the PCI Card Production Security Assessment and prepares the Card Production Report on Compliance (ROC) and the Card Production Attestation of Compliance (AOC). The assessor should be familiar with the forms that are needed to complete an assessment and provide guidance to the vendor on how to fill them out. The assessor should also ensure that the forms are consistent with the PCI Card Production Standards and the PCI CPSA Qualification Requirements. The other options are not the best sources of information for the vendor, as they may not be directly involved in the assessment process or have the expertise to advise on the forms. References:

• PCI Card Production Security Assessor (CPSA) Program Guide, Version 1.0, April 2019, page 81
• PCI Card Production Security Assessor (CPSA) Qualification Requirements, Version 1.0, April 2019, page 10
• PCI Card Production and Provisioning Template for Report on Compliance, Version 1.0, April 2019, page 3
• PCI Card Production and Provisioning Attestation of Compliance, Version 1.0, April 2019, page 22