CPSA_P_New Exam Dumps : Card Production Security AssessorCPSA Physical NewExam

The PCI SSC is the best-placed organization to answer a query about a missing field in the card production reporting template, as they are the ones who develop and maintain the template and the standards. The card production reporting template is the mandatory template for use in completing a Card Production Report on Compliance (ROC), which provides detail on how to document the findings of a PCI Card Production Assessment. The template is based on the PCI Card Production and Provisioning LogicalSecurity Requirements and the PCI Card Production and Provisioning Physical Security Requirements, which are also developed and maintained by the PCI SSC. Therefore, the PCI SSC has the authority and the expertise to clarify any issues or questions regarding the template and the standards. The other options are not the best sources of information for the query, as they may not have the same level of knowledge or involvement in the template and the standards. References:

• PCI Card Production and Provisioning Template for Report on Compliance, Version 1.0, April 2019, page 31
• PCI Card Production Security Assessor (CPSA) Program Guide, Version 1.0, April 2019, page 52
• PCI Card Production Security Assessor (CPSA) Program Guide, Version 1.0, April 2019, page 82

According to the PCI Card Production Physical Security Requirements, the goods-tools trap is a secure area that separates the HSA from the outside world, and is used to control the entry and exit of card products, tools, and other materials. The goods-tools trap must have two doors that are interlocked, meaning that only one door can be opened at a time. The goods-tools trap must also have a CCTV camera and an alarm system. The process of bringing card products into the HSA using the goods-tools trap must follow these steps1:

• The card products must be delivered to the goods-tools trap by authorized personnel, who must present their identification to the guard and sign a delivery note.
• The guard must verify the identification of the personnel and the quantity and quality of the card products, and record the details in a log.
• The guard must then escort the personnel to the first door of the goods-tools trap, and open it using a key or a card reader. The personnel must place the card products inside the goods-tools trap and exit the area. The guard must then lock the first door.
• The guard must then notify the production staff inside the HSA that the card products are ready to be collected. The production staff must present their identification to the guard and sign a receipt note.
• The guard must then escort the production staff to the second door of the goods-tools trap, and open it using a key or a card reader. The production staff must collect the card products from the goods-tools trap and enter the HSA. The guard must then lock the second door.

In this scenario, the guard escorted the production staff, along with the box, into the pre-press room. This is not compliant, because the guard is not authorized to enter the HSA, and the card products must remain under dual control at all times. The guard should have stayed outside the HSA and only opened the second door of the goods-tools trap for the production staff. This would ensure that the card products are securely transferred from the goods-tools trap to the HSA, and that the guard does not compromise the security of the HSA. References:

• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 15, requirement 2.1.1
• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 16, requirement 2.1.2
• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 17, requirement 2.1.3
• PCI Card Production Physical Security Requirements, v2.0, April 2019, page 18, requirement 2.1.4

According to the PCI CPSA Qualification Requirements, one of the administrative requirements for CPSA Companies is to retain all applicant and employee background information on file for at least 12 months after termination of the contract of employment. This is to ensure that the CPSA Company can provide evidence of the background checks performed on the CPSA Employees or other personnel involved in card production and provisioning activities. The background checks should include criminal history, employment history, education verification, and reference checks, and should be conducted at least every two years or upon rehire. References: PCI CPSA Qualification Requirements, Version 1.1, April 2020, Section 6.1.2, Page 111