CPSA_P_New Exam Dumps : Card Production Security AssessorCPSA Physical NewExam

According to the PCI Card Production and Provisioning Logical Security Requirements, Secure Element (SE) provisioning is the process of adding cardholder account information to a secure element on a mobile device via an over-the-air or over-the-internet communication channel. A secure element is a tamper-resistant platform that can securely host applications and their confidential and cryptographic data. A SIM card is an example of a secure element that can be used for mobile payments. SE provisioning is different from Host Card Emulation (HCE) provisioning, which is the process of adding cardholder account information to a cloud-based server that emulates a secure element on a mobile device. SE provisioning is also different from card personalization, which is the process of adding cardholder account information to a physical card. Over-the-air (OTA) provisioning is a generic term that can refer to either SE or HCE provisioning, depending on the type of mobile payment system used. References: PCI Card Production and Provisioning Logical Security Requirements and Test Procedures v3.0, January 2022, pages 6-71

According to the PCI CPSA Qualification Requirements, one of the administrative requirements for CPSA Companies is to retain all applicant and employee background information on file for at least 12 months after termination of the contract of employment. This is to ensure that the CPSA Company can provide evidence of the background checks performed on the CPSA Employees or other personnel involved in card production and provisioning activities. The background checks should include criminal history, employment history, education verification, and reference checks, and should be conducted at least every two years or upon rehire. References: PCI CPSA Qualification Requirements, Version 1.1, April 2020, Section 6.1.2, Page 111

According to the PCI Card Production Physical Security Requirements, the vendor must ensure that a clear segregation of duties is maintained between guard and reception related job functions. This is to prevent any conflict of interest or collusion that could compromise the security of the card production and provisioning processes or the cardholder data. The vendor must also ensure that the guards are adequately trained, supervised, and evaluated, and that they follow the security policies and procedures established by the vendor. The vendor must also have a documented policy and procedure for the selection, hiring, and termination of guards, and must maintain a log of all guard activities. References:

• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 24, requirement 6.1.1
• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 25, requirement 6.1.2
• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 26, requirement 6.1.3
• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 27, requirement 6.1.4